Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

For MSPs configuring Windows Server 2008 R2 machines to run on customer sites, and for so-called “branch office” scenarios, we recommend the use of BitLocker. This whitepaper, although outdated (it’s for 2008, not R2), explains some of the reasons for this recommendation. In summary, small offices tend to be more exposed to physical theft, such as a data drive walking out the front door. Not that important stuff doesn’t get stolen from big companies all the time. But large data centers, on average, have better physical security.

The whitepaper also makes the case for consolidating branch office workloads using Hyper-V, and I agree with that recommendation as well. For example, JW Secure has a dedicated client machine for synchronizing our dynamic DNS record. It would be wasteful to run that on its own piece of hardware, though. Ditto for source control, file shares, etc. All virtualized, and thus easier to manage, back up, restore, move, etc.

The case for Restorify follows directly from this case for virtualization in branch offices and small businesses. Once you’ve consolidated the workload, you can securely and easily replicate those entire images offsite. How long would it take to rebuild our old source control server, running on physical hardware? Probably two 12-hour days. How long would it take to rebuild our new virtualized source control server from an offsite image? Probably an hour plus driving time (unless our MSP hosts it temporarily for us, in which case you can remove driving time).

Final point tying this all together: running Hyper-V guests on a BitLocker-protected host drive is a supported configuration. That’s the main point of the whitepaper above, and the configuration we recommend for Restorify Client machines. We also recommend the use of BitLocker To Go for protecting the initial full images in transit. Here’s a link to a newer whitepaper that discusses BitLocker and BitLocker To Go.
