Encrypting guest VM ESXI 6.5 with Bitlocker

encryption, virtual-machines, vmware-esxi

Hi, we're devs playing around with ESXI on some old R710s. For our dev environment it will be fine. The R710s have a TPM. I tried encrypting the VM with Bitlocker but it couldn't see the TPM. I assume ESXI can't see it. I was thinking of perhaps Veracrypt. Our main requirements are:

  • Encrypted Windows machines (although we could also be using Linux).
  • My primary concern is ensuring if disks are disposed of, perhaps
    accidentally, nothing will be on them.
  • Typing in password at boot-up isn't an issue for us as it's a dev
    environment.

So my questions are:

  • Am I right in assuming ESXI can't see the TPM?
  • Is Veracrypt viable in a VM – I'm new to using it in a virtual
    environment so I'm unsure of potential issues in the longer term. I'm going to try it
    tonight on a test VM.
  • It's ESXI v6.5 so there is some encryption support but we are
    currently using the free version and the tutorials looked fairly
    complicated and aimed at a more professional environment.

Any alternative suggestions are welcome. Cheers, Chris.

Best Answer

If you're on 6.5, why not just use the native vSphere VM Encryption?

https://blogs.vmware.com/vsphere/2016/10/whats-new-in-vsphere-6-5-security.html

Encryption of virtual machines is something that’s been on-going for years. But, in case you hadn’t noticed, it just hasn’t “taken off” because every solution has a negative operational impact. With vSphere 6.5 we are addressing that head on.

Encryption will be done in the hypervisor, “beneath” the virtual machine. As I/O comes out of the virtual disk controller in the VM it is immediately encrypted by a module in the kernel before being sent to the kernel storage layer. Both VM Home files (VMX, snapshot, etc.) and VMDK files are encrypted.
