does it make any sense to use SED drives in a server?

[ThePiston]

I'm building a small business server for a small medical office. Security is tight. I'm considering using self-encrypting drives for the data.

Does this make any sense? As far as I can tell if the server had to reboot for updates or whatever, the drive would not reboot fully until someone entered a password into the BIOS.

Is there a way around this so that the server can reboot on its own without the need for a password?

 

[Mark R]

It depends on the BIOS. Most business/server grade BIOSs can be set so that the BIOS will automatically unlock the drive at POST without the need to a password to be entered manually at boot time, but this needs to be verified with the server vendor.

This reduces the protection, but will still ensure that if the hard drive is removed from the server, the drive will be inaccessible without the password.

If you apply appropriate physical security measures to the server chassis and motherboard, then an opportunistic thief that steals the hard drive will not be able to read confidential data.

 

[ThePiston]

thanks. does this bypass have a name that I can search for?

 

[Mark R]

You need to ask the server vendor specifically about SED and HDD password support and whether it supports the use of such drives without need for a manually entered password.

Most modern genuine servers should offer such an option - for example, Dell do this on their poweredge series (in this case, it is the PERC RAID card that unlocks the drives at boot).

The issue you may find is that the vendor requires you to use their specific hard drives, and not generic ones.

 

[ThePiston]

probably not available on a server i'm building. It's not a deal breaker though. thanks

 

[Phynaz]

Why not use Bitlocker with TPM?

 

[ThePiston]

Why not use Bitlocker with TPM?

was trying to make use of the hardware encryption of the new M500 but that makes sense too, thanks