This is an automated archive.
The original was posted on /r/sysadmin by /u/cgiles999 on 2024-01-23 19:35:29+00:00.
Now required to encrypt at rest server data. Looking at SED drives, controller based encryption, and good old bitlocker. Should mention, we use HP Proliant servers, so the controllers would have SR Secure Encryption licensing and probably a virtual remote key manager to save some money versus the physical unit. My understanding is that SEDs require a password at server boot. If there's no way around this, then this will knock them out of the running.
I have a dumb question. Using any kind of encryption, I won't be able to pop the drives out of one server and into another if there is a physical problem? I would have to restore the server from backup to another server? I could go Bitlocker, I would just needs to add TPMs to our servers.
What say those that have been down this road? I know, I know, put your servers behind a locked door and this won't be a problem. Apparently, that's not good enough anymore. Hooray progress.