This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Encryption of VM repository

I have been asked to see if it possible to encrypt the PVCS repository (v 8.6) on a Windows server (2012 R2).
I have found that MS has BitLocker available to encrypt servers.
Is anybody using BitLocker or another product to perform this?
What are the Pros / Cons ?

Thanks for your time.
  • 0  
    Hi Rex,

    Bitlocker is transparent, so it shouldn't cause any problems. I'm running it on my laptop, to keep data safe while traveling. Only downside I can think of is that it takes some CPU to encrypt/decrypt the data, which can affect I/O speed. Providing you have CPU capacity to spare, it shouldn't be very noticeable.

    Consider how you want to use Bitlocker, though. The default configuration encrypts the disk with the key stored in the TPM module of the server, but it never prompts for any password or (USB) key. If you physically remove the disk from the server you won't be able to get to the data off of it, but if you steal the complete server you'll have full access to it. You can enter a password afterwards, but now you're going to be forced to enter it for every reboot.

    So basically, what is it that your company is trying to accomplish by encrypting the data? :-)

    Cheers,

    - Richard.
  • 0
    The government has a new requirement that all data be encrypted.

    I am not sure how best to go about encrypting the PVCS VM repository project files, to meet this security requirement.
    I do not think that using BitLocker to encrypt the server drive is our best option.

    Using a drive encryption application on a laptop for end users, is something we already do.
  • 0  
    Your primary goal should probably be to figure out what the intent of this requirement is, because as stated it is too nebulous to provide meaningful guidance. (Anything that is encrypted needs to be decrypted before it can be used, so there's nothing inherently wrong using Bitlocker if the sole requirement is to encrypt the files. If this is not valid for the requirement, additional details would need to be provided.)

    Kind regards,

    - Richard.