Windows Server full partition encryption

I need to secure 2 partitions in separate windows 2008 servers.  The servers are VM's running on ESXi 5.1- I need the encryption to be seamless so once the machines have fired up, end users and applications will be unaffected and unaware encryption was in place.

We used to use TruCrypt but stopped using it last year.  Does anyone else know of any similar products?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Muhammad MullaSystems AdministratorCommented:
Intuit provides a VMware encryption solution.
Bitlocker alone offers a solution that we used on ESXI. To be hands free, normally, you would need a TPM, which is not emulatable on ESXI, so it seems as though there is no way. But luckily, there is also the possibility to use keys on virtual diskettes. So you would
1 set a GPO to allow bitlocker without TPM
2 create a virtual floppy disk
3 start bitlocker using this command:
manage-bde -on c: -sk a: -rp
(Then setup d: to autounlock, if d: is present, which means, d: will unlock when the server is booted)
4 now place that floppy on a secured network share

Thought is: if the device is stolen (the vm host), it won't have access to your network. No floppy access then, so no booting, whole server encrypted.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Nick_DAuthor Commented:
Hi McKnife,

Thanks for your post, it seems a very clever solution to get around the problem which I will try out on a test server and get back to you on.  Really appreciate your response!

One thing I have always wondered and would be interested to know your thoughts on?  VM's by their very nature are more secure than single box servers as the hosts could have data spread across multiple disks (LUN's) on Multiple SAN's and so if stolen, unless rebuilt in an identical configuration the data would be difficult to read and retrieve.  Once the device is spun up and authenticated then I would have thought that it is more of a risk to have the data sucked from it using some sort of remote attack?  I know you could then impose EFS encryption on the shares but as this tends to lock down access to users it is almost unworkable in a company with many teams that share data?  We also have systems which automatically index these shares and so EFS would very quickly break them as they would not be able access the shares!
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

I am not sure if I understand what you're at. "Once the device is spun up and authenticated then I would have thought that it is more of a risk to have the data sucked from it using some sort of remote attack?" - I don't see how that question relates to using VMs, please clarify.
Nick_DAuthor Commented:
It is more of a general encryption question I guess as opposed to being specifically about VM's.  Would you say that just by their design and how VM's are configured they are more secure than a single box server which has all the drives, system and data in the same box.  Whereas a VM could have the host connected to potentially multiple SAN's and so you would need to steal everything to reconstitute the whole system again?
Sure, agreed, only logical.
Nick_DAuthor Commented:
Worked perfectly, thanks for your help McKnife
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.