VMware vSphere

 View Only

  • 1.  Encrypting ESXi host with BitLocker

    Posted Aug 11, 2014 06:27 PM

    We are being asked to encrypt out exchange server, but we're running into a few issues. For the most part, MS only recommends using BitLocker as the encryption solution, but our Exchange environment is made up of two ESXi hosts and BitLocker doens't support VM bootable drives. However you can encrypt the VM host. I'm not familiar with ESXi, so this may be a stupid question. But if we encrypted the ESXi host, would that encrypt the virtual guests and their data as well?

    I'm guessing it won't, but the alternative is going to a physical environment, so I thought I would ask.

    Thanks



  • 2.  RE: Encrypting ESXi host with BitLocker

    Posted Aug 11, 2014 06:41 PM

    You cannot use BitLocker to encrypt VMware vSphere ESXi host, since this is a feature of Windows Server 2008+, and not supported by VMware vSphere ESXi.

    What you can do is encrypt the data disk of your Exchange VMs... for more information, check this KB article: VMware KB: BitLocker support in a virtual machine



  • 3.  RE: Encrypting ESXi host with BitLocker

    Posted Aug 12, 2014 05:34 PM

    If you were able to successfully encrypt your ESXi installation that would do nothing for the VM's because they are stored on your shared storage.

    Usually total disk encryption is used for mobile devices and not servers. So are you trying to protect your servers from theft and subsequent unauthorized access? If so the point is moot if they steal your ESXi servers they would be useless to the thieves because again your VM's (and data) are on your SAN.

    So what is your endgame for encryption? What risk are you trying mitigate?