VMWare Encryption Q's


I have a virtual machine with two VMDK files.  When starting the VM, it asks for a password to launch it.  My questions are:

1. Are the full contents of these virtual disks encrypted or does it just apply to the disk file with the OS on it?
2. Is there a way to test the encryption?
3. I have another non-encrypted VM, can I extract the data from that disk file without launching the VM?

LVL 11
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Encryption is done within the OS, the same as a physical computer, it does not have anything to do with the hypervisor.

1. It depends on what you specified, when you used Bitlocker, and selected which disks to encrypt.

2. Attach the disk to another VM. Try and access the data.

3. Yes.

You copy copy VMDKs to Windows and/or Linux, and mount the VMDK, and extract the data.
epichero22Author Commented:
Here's the error message I got when I tried attaching my encrypted VMDK to another VM:

Don't know if I'm good or if I should try another method for testing.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Okay this is normal, you have encrypted the virtual machine from the Hypervisor, not from within the OS, using Bitlocker.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

epichero22Author Commented:
I don't remember using Bitlocker, I simply used the built-in encryption for VMWare Workstation.  Not sure if that's the same thing.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Bitlocker is inside the OS - not relevant here.

You are using the Encryption option within VMware Workstation/Player - it's different!
epichero22Author Commented:
BTW, do you know how the password decrypts the VMDK?  I'm wondering if it works like a pair of glasses you can see through with the correct decryption key.  Any wrong key will give you garbage, so not sure if this is correct.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
try and mount the VMDK manually.

see here


This will provide you with the answer you are looking for, if you cannot mount the VMDK file, to extract the data, it's encrypted.
epichero22Author Commented:
I wanted to know what kind of encryption it uses, what the bit rate is, and how the password unlocks the file.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
VMware have never revealed what kind of encryption it uses, it has been reported it's  AES256.

But this has not been verified or audited.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.