Published: February 24, 2011
Applies To: Windows Small Business Server 2011 Standard
BitLocker® Drive Encryption is an integral security feature in Windows SBS 2011 Standard. It helps protect the operating system and the data that is stored on your server. BitLocker helps ensure that the data stored on your server remains encrypted, even if the computer is tampered with while the operating system is not running. This helps protect against "offline attacks" (attacks made by disabling or circumventing the installed operating system) or by physically removing the hard disk drive to attack the data separately.
BitLocker uses a Trusted Platform Module (TPM) to help provide enhanced protection for your data and to help assure early boot component integrity. By encrypting the entire volume, BitLocker helps protect your data from theft or from unauthorized viewing.
BitLocker is for systems that have a compatible TPM microchip and BIOS. A compatible TPM is defined as a version 1.2 TPM. A compatible BIOS must support the TPM, and the Static Root of Trust Measurement as defined by the Trusted Computing Group.
For more information about TPM specifications, see the Trusted Platform Module (TPM) Specifications at the Trusted Computing Group Web site.
The TPM interacts with BitLocker to help provide seamless protection when the system starts. It is transparent to the user, and the user logon experience is unchanged. However, if the TPM is missing or is changed, or if the startup information is changed, BitLocker enters recovery mode, and you need a recovery password to regain access to the data.
|You can back up a source volume that is encrypted with BitLocker. However, if you restore the backup to your server, it is restored without BitLocker encryption. You must manually enable BitLocker on the restored volume. If the backup target volume is encrypted with BitLocker, you must disable BitLocker before you can back up to the volume. If you reenable BitLocker after the backup, and you need to restore it from the encrypted volume, you must disable BitLocker before you can restore the backup.|
For more information about BitLocker, see BitLocker Drive Encryption Overview.