From 5e157e3a92a65c9849ef8d4abebd88348028dfa2 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 16 Sep 2022 12:50:19 +0530 Subject: [PATCH] Update protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md --- ...nd-storage-area-networks-with-bitlocker.md | 121 +++--------------- 1 file changed, 17 insertions(+), 104 deletions(-) diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index 53e04dc61e..afa604d207 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -172,110 +172,23 @@ Unlike CSV2.0 volumes, physical disk resources can only be accessed by one clust The following table contains information about both physical disk resources (that is, traditional failover cluster volumes) and cluster shared volumes (CSV) and the actions that are allowed by BitLocker in each situation. - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Action

On owner node of failover volume

On Metadata Server (MDS) of CSV

On (Data Server) DS of CSV

Maintenance Mode

Manage-bde –on

Blocked

Blocked

Blocked

Allowed

Manage-bde –off

Blocked

Blocked

Blocked

Allowed

Manage-bde Pause/Resume

Blocked

Blocked

Blocked

Allowed

Manage-bde –lock

Blocked

Blocked

Blocked

Allowed

manage-bde –wipe

Blocked

Blocked

Blocked

Allowed

Unlock

Automatic via cluster service

Automatic via cluster service

Automatic via cluster service

Allowed

manage-bde –protector –add

Allowed

Allowed

Blocked

Allowed

manage-bde -protector -delete

Allowed

Allowed

Blocked

Allowed

manage-bde –autounlock

Allowed (not recommended)

Allowed (not recommended)

Blocked

Allowed (not recommended)

Manage-bde -upgrade

Allowed

Allowed

Blocked

Allowed

Shrink

Allowed

Allowed

Blocked

Allowed

Extend

Allowed

Allowed

Blocked

Allowed

- ->Note:** Although the **manage-bde -pause** command is blocked in clusters, the cluster service automatically resumes a paused encryption or decryption from the MDS node. +| Action | On owner node of failover volume | On Metadata Server (MDS) of CSV | On (Data Server) DS of CSV | Maintenance Mode | +|--- |--- |--- |--- |--- | +|**Manage-bde –on**|Blocked|Blocked|Blocked|Allowed| +|**Manage-bde –off**|Blocked|Blocked|Blocked|Allowed| +|**Manage-bde Pause/Resume**|Blocked|Blocked**|Blocked|Allowed| +|**Manage-bde –lock**|Blocked|Blocked|Blocked|Allowed| +|**manage-bde –wipe**|Blocked|Blocked|Blocked|Allowed| +|**Unlock**|Automatic via cluster service|Automatic via cluster service|Automatic via cluster service|Allowed| +|**manage-bde –protector –add**|Allowed|Allowed|Blocked|Allowed| +|**manage-bde -protector -delete**|Allowed|Allowed|Blocked|Allowed| +|**manage-bde –autounlock**|Allowed (not recommended)|Allowed (not recommended)|Blocked|Allowed (not recommended)| +|**Manage-bde -upgrade**|Allowed|Allowed|Blocked|Allowed| +|**Shrink**|Allowed|Allowed|Blocked|Allowed| +|**Extend**|Allowed|Allowed|Blocked|Allowed| + +> [!NOTE] +> Although the **manage-bde -pause** command is blocked in clusters, the cluster service automatically resumes a paused encryption or decryption from the MDS node. In the case where a physical disk resource experiences a failover event during conversion, the new owning node detects that the conversion isn't complete and completes the conversion process.
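Review bot: The added **Manage-bde Pause/Resume** row has a stray `**` in the MDS column (`|Blocked|Blocked**|Blocked|Allowed|`). It has no opening pair, so it will render as literal asterisks; that cell should read `Blocked`. Two smaller points carried over from the old HTML table could be fixed in the same change. First, the command names mix en dashes and ASCII hyphens (`–on`, `–off`, `–lock`, `–wipe`, `–protector –add`, `–autounlock` against `-protector -delete`, `-upgrade`) and mix `Manage-bde` with `manage-bde`. Readers copy these into a shell, so use `manage-bde` with ASCII `-` throughout, and consider code formatting rather than bold for the commands. Second, the header `On (Data Server) DS of CSV` does not follow the pattern of `On Metadata Server (MDS) of CSV`; `On Data Server (DS) of CSV` would match.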