This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Encryption of VM repository

I have been asked to see if it possible to encrypt the PVCS repository (v 8.6) on a Windows server (2012 R2).
I have found that MS has BitLocker available to encrypt servers.
Is anybody using BitLocker or another product to perform this?
What are the Pros / Cons ?

Thanks for your time.
Parents
  • 0  
    Hi Rex,

    Bitlocker is transparent, so it shouldn't cause any problems. I'm running it on my laptop, to keep data safe while traveling. Only downside I can think of is that it takes some CPU to encrypt/decrypt the data, which can affect I/O speed. Providing you have CPU capacity to spare, it shouldn't be very noticeable.

    Consider how you want to use Bitlocker, though. The default configuration encrypts the disk with the key stored in the TPM module of the server, but it never prompts for any password or (USB) key. If you physically remove the disk from the server you won't be able to get to the data off of it, but if you steal the complete server you'll have full access to it. You can enter a password afterwards, but now you're going to be forced to enter it for every reboot.

    So basically, what is it that your company is trying to accomplish by encrypting the data? :-)

    Cheers,

    - Richard.
Reply
  • 0  
    Hi Rex,

    Bitlocker is transparent, so it shouldn't cause any problems. I'm running it on my laptop, to keep data safe while traveling. Only downside I can think of is that it takes some CPU to encrypt/decrypt the data, which can affect I/O speed. Providing you have CPU capacity to spare, it shouldn't be very noticeable.

    Consider how you want to use Bitlocker, though. The default configuration encrypts the disk with the key stored in the TPM module of the server, but it never prompts for any password or (USB) key. If you physically remove the disk from the server you won't be able to get to the data off of it, but if you steal the complete server you'll have full access to it. You can enter a password afterwards, but now you're going to be forced to enter it for every reboot.

    So basically, what is it that your company is trying to accomplish by encrypting the data? :-)

    Cheers,

    - Richard.
Children
No Data