PDM, Anyone have experience with PDM and bitlocker?

I found this so far:

https://support.3ds.com/knowledge-base/?q=docid:QA00000120807

So it’s “not supported” but I haven’t yet found how many ways it does not work.

I’m guessing we cannot be the only company using bitlocker on the drive that hosts the vault view.

Bitlocker is handled by a kernel mode driver. User space applications should be completely unaware of its existence aside from the 3-5% I/O performance hit.

1 Like

No impact from my experience.

1 Like

Thank you. I’ve been doing some searching but not finding much. I couldn’t get a feeling if that is because there’s no problems what so ever or nobody is using bitlocker on the vault view drive.

New requirements driving IT to encrypt our workstations, I had a few hours notice. I wanted to get in front of any potential problems we might run into. First search result was that SW washed their hands of it.

Your IT department is concerned with someone breaking into your facility and stealing your PDM server?

From Gemini:
"BitLocker is a Microsoft Windows security feature that encrypts entire hard drives to protect data at rest, ensuring information remains unreadable if a device is lost or stolen. It prevents unauthorized users from accessing files by requiring a key, password, or TPM (Trusted Platform Module) to unlock the drive.

BitLocker does not protect against malware, ransomware, or unauthorized access while the user is already logged in."

Whoa, whoa, Scott. Don’t go trying to apply logical thinking here. I tried to hint at it with “New requirements driving IT…”

1 Like

This is sort of like our IT group trying to force everyone to connect to the network via a VPN. While in the office. On a desktop machine.

Dumb decisions like this are almost always born from laziness. “We want to make everything the same so that we don’t have to work/think about stuff”.

That would stink, especially if the VPN is cloud hosted.

We’re pretty fortunate here with IT. While they will do some things like that it’s not terrible or to the point of everyone working on VPN, that sounds unstable.

This one rolled down hill through our IT dept. There may be other ways to check the box but there’s a very long list of boxes to be checked and not much time for any one of them.

In some old post somewhere Fred Law mentioned using hardware encrypted SSDs instead of software encryptions. I’m looking into that option for our next round of workstations.

1 Like

I did a search yesterday and couldn’t find any internal encrypted drives.

The one I’m using is USB drive. The USB enclosure do the hardware encryption.

There are lot’s of horror story with Bitlocker. Make sure IT keep all recovery key.

If not, it’s a ransomware attach by internal IT.

2 Likes

Yeah, I’m trying to wade through the search results of marketing crap and redit posts concerning internal SSD with hardware encryption. I didn’t even consider there being hardware encrypted internal drives, how would they know when to allow access and how are the keys presented? Lots of unknowns, which take time which is why we have bitlocker…

Technically there’s nothing on local drives that is needed and not backed up. I’m guessing lost key => reimage machine.

I have a bricked laptop in my office due to that. IT bitlocked it and one corporate buyout and two re-organizations later, they have no idea what/where the keys are. Good thing we have a few spare SW licenses, because there’s one on this laptop. At some point I’ll have our VAR release the license, but for now it isn’t urgent.

I believe the “hardware” based self-encrypting drives are labeled as “OPAL”.

We use BitLocker on all of our laptops, but desktops/servers do not run encryption.

1 Like

Enterprise drive can be hardware encrypted.