VMWare Encryption Q's

Hello,


I have a virtual machine with two VMDK files.  When starting the VM, it asks for a password to launch it.  My questions are:

1. Are the full contents of these virtual disks encrypted or does it just apply to the disk file with the OS on it?
2. Is there a way to test the encryption?
3. I have another non-encrypted VM, can I extract the data from that disk file without launching the VM?


Thanks.
LVL 11
epichero22Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Encryption is done within the OS, the same as a physical computer, it does not have anything to do with the hypervisor.

1. It depends on what you specified, when you used Bitlocker, and selected which disks to encrypt.

2. Attach the disk to another VM. Try and access the data.

3. Yes.

You copy copy VMDKs to Windows and/or Linux, and mount the VMDK, and extract the data.
0
epichero22Author Commented:
Here's the error message I got when I tried attaching my encrypted VMDK to another VM:

vmware.png
Don't know if I'm good or if I should try another method for testing.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Okay this is normal, you have encrypted the virtual machine from the Hypervisor, not from within the OS, using Bitlocker.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

epichero22Author Commented:
I don't remember using Bitlocker, I simply used the built-in encryption for VMWare Workstation.  Not sure if that's the same thing.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Bitlocker is inside the OS - not relevant here.

You are using the Encryption option within VMware Workstation/Player - it's different!
0
epichero22Author Commented:
BTW, do you know how the password decrypts the VMDK?  I'm wondering if it works like a pair of glasses you can see through with the correct decryption key.  Any wrong key will give you garbage, so not sure if this is correct.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
try and mount the VMDK manually.

see here

http://www.running-system.com/how-to-mount-a-vmdk-file-under-windows/

This will provide you with the answer you are looking for, if you cannot mount the VMDK file, to extract the data, it's encrypted.
0
epichero22Author Commented:
I wanted to know what kind of encryption it uses, what the bit rate is, and how the password unlocks the file.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
VMware have never revealed what kind of encryption it uses, it has been reported it's  AES256.

But this has not been verified or audited.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.