Dos and Don’ts of Encryption with Hyper-V

by Chris Sanders [Published on 16 July 2009 / Last Updated on 26 March 2013]

Encryption of any sort is typically a good practice to be in when at all feasible. This article discusses the dos and don’ts of Hyper-V encryption.

When at all possible, encryption adds a crucial layer of security to any operating system. Hyper-V is no exception to this, but there are some basic Dos and Don’ts to keep in mind when considering encryption as a part of your Hyper-V security strategy.

 Do…Use BitLocker with a TPM Platform.
BitLocker is Microsoft’s newest encryption solution and is quite powerful. BitLocker works with server hardware and ensures operating system and data integrity even if the server is physically powered off or if a hard drive is stolen.

Don’t…Use the Encrypted File System (EFS).
Hyper-V doesn’t support the use of EFS in locations where virtual machines are stored.

 Do…Use BitLocker Encryption on the Host Operating System
Using BitLocker on the host system will not only secure its operating system, but it will also secure the virtual machine configurations and the VHD files themselves. Doing this, your VHD files will be encrypted regardless of their operating system.

 Don’t…Use BitLocker Encryption Inside Your Virtual Machines
BitLocker encryption is not supported within a virtual machine.

 Do…Encrypt if You Don’t Have a Reason Not To
BitLocker encryption is a really great security feature to have on your side. If you don’t have a reason NOT to deploy BitLocker on your virtual hosts, then you need to. You can read more about BitLocker exclusively here: http://technet.microsoft.com/en-us/library/cc731549.aspx.

 Don’t…Make ExcusesI’m not sure why, but the thought of encryption has always scared people a bit. I’ve heard far too many delusional fears about people being afraid that something will mess up and they will be locked out of their mission critical servers and data.

See Also

Featured Links