Zoho Banner September 2011

Archive for the ‘Bitlocker’ Category

The smartphone I had before I bought my Nokia Lumia 930 was a Samsung S3. I changed phones after the S3 got run over by a car (a short, but dull, cautionary tale not worth relating here). The client I was working for at the time I still had the S3 had a BYOD option whereby you could hook up to their Exchange service via Exchange ActiveSync. It seemed like a sensible thing to do. The only snag was the EAS policy that was pushed out included device encryption. As soon as my S3 was encrypted it ran like a dog. A rotund, geriatric, three-legged dog. I couldn’t live with that, so I opted out of their service and decrypted the device.

Yesterday I was browsing my Lumia 930 settings to see if encryption was an option. I couldn’t see it, so started searching the Interweb for information. Here’s what I found…

“The Windows Phone OS supports using BitLocker technology to encrypt all user data stored locally on internal data partitions. This helps to protect the confidentiality of local device data from offline hardware attacks. If a phone is lost or stolen, and if the user locks their device with a PIN, device encryption helps make it difficult for an attacker to recover sensitive information from the device.

When device encryption is enabled, the main OS and internal user data store partitions are encrypted. SD cards that are inserted in the phone are not encrypted….

….Unlike BitLocker for desktop Windows, there is no recovery key backup and no UI option for end users to enable or disable device encryption on Windows Phones. Microsoft Exchange servers and enterprise device management servers cannot disable device encryption after it has been enabled.”

Source: https://dev.windowsphone.com/en-US/OEM/docs/Phone_Bring-Up/Secure_boot_and_device_encryption_overview

This is some good info, and apparently not well known, given the paucity of results from my searches.

Given that there is no UI for device encryption, the only known methods to enable it via a push from Exchange ActiveSync or an MDM device policy.

When I applied a policy forcing encryption to my Lumia 930, the only way I could determine whether encryption was enabled was via the Storage Sense app. The “After” picture below shows the encryption state. Blink and you’ll miss it.

 

Before

Before

After

After

It is a little worrying that there is no way to decrypt the device. On the other hand there doesn’t seem to be a massive performance hit resulting from the encryption, so I’m happy to live with it.

 

 

I’ve had my Lenovo Ideapad Yoga 13 for a little over a year now. Generally, I’m very happy with it.  It has two internal SSDs, 8GB RAM and an Intel Core i7 processor.  Windows 8.1 runs very nicely on it.  I use the Ideapad for my day-to-day work as well as running test labs in Hyper-V.  Memory is generally my main limitation with Hyper-V, but mostly I can starve the VMs of RAM as performance isn’t a key issue for me for demos and/or testing purposes.  [As an aside, Exchange 2013 is a complete resource hog and won't run nicely unless you give each machine at least 4GB of RAM, which makes running a DAG near impossible for me].   Recently, I noticed that my disk latency (average response time) on the SSD that I run the VMs off was really high (around 11,000ms).  Ok, I was running 3 VMs simultaneously, but still!  So I downloaded AS SSD Benchmark to see how my SSD was performing.  The overall result was 438, which is not great when compared with what others have posted on line with the same SSD.

as-ssd-bench M4-CT256M4SSD3 15.07.2014 8-31-44 a.m.

After some deep thinking (i.e. staring idly into space over a coffee), the idea struck me that Bitlocker might be the culprit.  So I disabled Bitlocker for that drive and tried again. The difference was significant (around 20%) without being remarkable.  Interestingly, the read times before and after were almost identical.  The write times were where the difference was appreciable.

as-ssd-bench M4-CT256M4SSD3 15.07.2014 4-29-01 p.m.

The disk is still performing slowly compared with others online.  I checked my other SSD (a Samsung) and it was also slow, so the conclusion I’ve reached is that there must be some other factor (controller?) causing the slowness.  It would be interesting to hear what others with Ideapads are seeing, or if you have any ideas on how to improve performance.  Windows 8.1 is apparently optimised for SSD use, so I haven’t found any silver bullet for speeding things up.