Microsoft has released some documentation on how to design and deploy your BitLocker solution.
BitLocker is the full-disk encryption solution that ships with some editions of Windows Vista and Windows Server 2008. I’m not convinced about the manageability of it yet. The fact that MS only included it in Vista Enterprise (Software Assurance only) and the very pricey Vista Ultimate sure doesn’t help to convince me. I’m still firmly on the Safeboot boat.
The Windows BitLocker Design and Deployment guides describe the various aspects of planning for deploying Windows BitLocker Drive Encryption for Windows Vista® Enterprise and Windows Vista® Ultimate computers in an enterprise environment. The documentation is organized into two guides, and you should carefully consider each guide before you deploy BitLocker Drive Encryption.
Windows BitLocker Drive Encryption Design Guide
This guide provides a systematic approach when planning for BitLocker deployment and highlights the main decision points. This guide is intended for use by an infrastructure specialist or system architect. It assumes that you have a good understanding of how BitLocker and TPM work on a functional level.
Windows BitLocker Drive Encryption Deployment Guide
This guide provides detailed instructions on how to prepare Windows Vista images for BitLocker and how to deploy BitLocker in an enterprise environment. This guide is intended for use by a deployment specialist or deployment team. It assumes that you have a good understanding of how automated Windows deployment, Active Directory Domain Services (AD DS) schema extension, and Group Policy work.
About BitLocker
BitLocker is a data protection feature available in Windows Vista® Enterprise and Windows Vista® Ultimate for client computers, and in Windows Server® 2008. BitLocker addresses the threats of data theft and of exposure from lost, stolen, or inappropriately decommissioned personal computers by providing a closely integrated solution in Windows Vista.
Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software attack tool against it or by transferring the computer’s hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing Windows Vista file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.