WDE software for a 72TB RAID

Discussion in 'privacy technology' started by DavidXanatos, Jan 8, 2017.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,327
    Location:
    Viena
    Hi,

    I'm looking forward to encrypting my RAID array, and am wondering what software I should pick for that task.
    It's already full of data, so I need a tool that can encrypt the data in place; as far as I can see, both VeraCrypt and DiskCryptor can do that.

    I'm not going to use M$ BitLocker, as I can't really trust a closed-source product.

    Now I'm wondering if both tools are equally up to the task; I of course want to minimize the risk of a catastrophic failure. I have my data backed up, but only the important things (obviously, given the size of the array), so in case of a total data loss on that array many VM images and HDD backups of my machines would be gone; nothing unrecoverable, but a lot of work, though spread on a do-when-needed basis.

    For the past years I have always used DiskCryptor, but it's not really being developed anymore and I never used it on anything larger than a few TB.

    I never used VeraCrypt aside from a few tests; I only used TC a lot in the past.

    Does anyone here use any of the applications in question to protect a multiple 10 TB large volume?

    Can I assume that any product that can successfully handle > 2 TB volumes supports all sizes up to 256 TB, which IIRC is a current limitation of NTFS?
    Or are there any potential issues that can show with a 72 TB volume which don't show when testing on a 3 TB drive?

    Any advice would be greatly appreciated.
     
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    I think there will be few people who have done this, even granted that a Tb ain't what it used to be. Most commercial operations with large RAID arrays will be using BitLocker or nothing, I suspect. I take it you mean hardware-based RAID.

    Even there with BitLocker, I found a weird bug to do with the specific size of a partition (near 4Tb) - I had to adjust the partition size for it to work. My belief is that it will be the partition size that drives any issues rather than total array size.

    Relating to that, what partition sizes are you aiming to have? If you have sufficient room to create a new one, that would give you scope for testing that size as a starter, then replicate that with migration between partitions?

    I don't think it's a good idea to rely on RAID protection for backup, because there are threats from fire & theft or data corruption/ransomware that would hurt your data on RAID. What I do is to use cheap plain archival HDD offsite for the bulk stuff I don't need to backup dynamically (such as VMs or machine backups).
     
  3. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,327
    Location:
    Viena
    > I think there will be few people who have done this, even granted that a Tb ain't what it used to be.

    I'm thinking that if someone used these tools successfully with, for example, an 8 or 10 TB single volume, then it will also handle 70 TB.

    > Relating to that, what partition sizes are you aiming to have?

    I have one large volume on the entire array; that's why I'm asking, as the tool will have to handle a huge volume at once.

    > I don't think it's a good idea to rely on Raid protection for backup

    As I wrote already: "I have my data backed up, but only the important things (obviously, given the size of the array), so in case of a total data loss on that array many VM images and HDD backups of my machines would be gone; nothing unrecoverable, but a lot of work, though spread on a do-when-needed basis."

    I guess what I'd love to see is people posting here the largest volumes they have used DC or VC on, and whether they had any issues with those.
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    I'd suggest trying on the VeraCrypt forums since someone may at least have done larger capacities in testing - I've only gone to 4G.

    Please let us know if you do get any feedback or results from this.
     
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,327
    Location:
    Viena
    What a great answer I got, from a developer nonetheless:

    Since my large volume was less than 50% full, I shrank it and created a second one; now I have two of equal size and one empty.

    I have copied all the data onto one and it's encrypting with DC. If that works fine, i.e. all the data reads identical to the old one, including also adding new data, copying stuff around, etc., I will set the volume read-only and encrypt the original as well. I guess that is an entirely fail-safe way to go. Then I will use the old volume for as long as it has enough space. As a long-term test, if that works fine I will set the backup volume RW, delete the old data and use it for new data.

    I'm not going to test VC if DC works; the answer I got from a dev is anything but confidence-inspiring.
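
The check described in the post above, that the data on the encrypted copy reads identical to the original before the original is encrypted too, can be scripted. The following is an added example, not part of the original post and not code from DiskCryptor or VeraCrypt; the script name and the two root paths passed on the command line are assumptions.

```python
# Added example: compare the original volume with its copy on the encrypted volume.
import hashlib
import os
import sys

def hash_file(path, chunk_size=1024 * 1024):
    """Stream a file through SHA-256 so multi-GB VM images never sit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def list_files(root):
    """Return the set of file paths below root, relative to root."""
    found = set()
    for folder, _dirs, names in os.walk(root):
        for name in names:
            found.add(os.path.relpath(os.path.join(folder, name), root))
    return found

def compare_trees(original, copy):
    """Return files missing from the copy, extra in the copy, or different."""
    src, dst = list_files(original), list_files(copy)
    report = {"missing": sorted(src - dst), "extra": sorted(dst - src),
              "different": []}
    for rel in sorted(src & dst):
        a, b = os.path.join(original, rel), os.path.join(copy, rel)
        # Cheap size check first; hash both files only when the sizes agree.
        if os.path.getsize(a) != os.path.getsize(b) or hash_file(a) != hash_file(b):
            report["different"].append(rel)
    return report

def trees_match(report):
    """True only when nothing is missing, extra or different."""
    return not any(report.values())

if __name__ == "__main__":
    # Assumed usage: roots of the original volume and of the mounted encrypted copy.
    if len(sys.argv) != 3:
        sys.exit("usage: verify_copy.py ORIGINAL_ROOT COPY_ROOT")
    result = compare_trees(sys.argv[1], sys.argv[2])
    for kind, paths in result.items():
        for rel in paths:
            print(f"{kind}: {rel}")
    sys.exit(0 if trees_match(result) else 1)
```

Reads from the mounted encrypted volume pass through the encryption driver, so matching hashes confirm the full encrypt and decrypt round trip. Running it again after a remount or reboot makes sure the data comes from disk rather than from the file cache.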
     
  6. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    I have a 5TB HD here and VC mounts it in a few seconds.

    I think VC will be able to handle your capacity. Or at least should be the best option.
     
  7. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,327
    Location:
    Viena
    I have played around with small volumes on a VM and it looks like DC supports expanding volumes quite OK; basically, if you expand the volume DC does not care, it just works on it all. It does not "encrypt" or randomize the newly added space, but that's OK. Mounting works; all data, also writes past the size of the old partition when creating it, are OK.
    If you expand the volume it of course must be mounted, otherwise after mounting the FS will still not be resized, hence the added space will be unusable.
    However, apparently you can expand it later on even more (if you have space) and then all the space is usable.

    If you want DC to encrypt/randomize the newly added space, just start decrypting the volume and pause it instantly, then expand the volume and then press encrypt; it will re-encrypt the few bytes it just decrypted and encrypt all the newly added space.
    Of course, if you can't risk any leakage here you can't use this trick, but for my threat model that should be a viable option, especially as I use HDDs, so no issues with wear leveling or the like.

    VeraCrypt apparently is not capable of this, as it does not mount the encrypted partitions transparently, so even if I expanded the encrypted partition, Windows would not be able to expand the FS within it, as for it it's somewhere else.

    I think if everything goes well I should be quite happy with DC.

    @ExtremeGamerBR

    Why do you prefer VC to DC?

    I don't intend to ever use Win 10 and I don't need UEFI support on my NAS.
     
  8. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    @DavidXanatos - good to hear and glad you got feedback.

    I think the flipping between partitions is a great idea because you can get confidence and a level of fallback for a while to ensure it works well.

    Personally, I'd use VC because of the VC audit and continuing nailing of TC bugs over time.
     
  9. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,327
    Location:
    Viena
    So far so good, one partition is DC encrypted and validated flawlessly against the original data.

    It's really a pity that DC development stalled for so long now.

    IMHO it's superior to TC/VC; the transparent encryption of partitions seems to me much better than what TC/VC does.
     