Nick_D
asked on
Windows Server full partition encryption
I need to secure 2 partitions in separate windows 2008 servers. The servers are VM's running on ESXi 5.1- I need the encryption to be seamless so once the machines have fired up, end users and applications will be unaffected and unaware encryption was in place.
We used to use TruCrypt but stopped using it last year. Does anyone else know of any similar products?
We used to use TruCrypt but stopped using it last year. Does anyone else know of any similar products?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi McKnife,
Thanks for your post, it seems a very clever solution to get around the problem which I will try out on a test server and get back to you on. Really appreciate your response!
One thing I have always wondered and would be interested to know your thoughts on? VM's by their very nature are more secure than single box servers as the hosts could have data spread across multiple disks (LUN's) on Multiple SAN's and so if stolen, unless rebuilt in an identical configuration the data would be difficult to read and retrieve. Once the device is spun up and authenticated then I would have thought that it is more of a risk to have the data sucked from it using some sort of remote attack? I know you could then impose EFS encryption on the shares but as this tends to lock down access to users it is almost unworkable in a company with many teams that share data? We also have systems which automatically index these shares and so EFS would very quickly break them as they would not be able access the shares!
Thanks for your post, it seems a very clever solution to get around the problem which I will try out on a test server and get back to you on. Really appreciate your response!
One thing I have always wondered and would be interested to know your thoughts on? VM's by their very nature are more secure than single box servers as the hosts could have data spread across multiple disks (LUN's) on Multiple SAN's and so if stolen, unless rebuilt in an identical configuration the data would be difficult to read and retrieve. Once the device is spun up and authenticated then I would have thought that it is more of a risk to have the data sucked from it using some sort of remote attack? I know you could then impose EFS encryption on the shares but as this tends to lock down access to users it is almost unworkable in a company with many teams that share data? We also have systems which automatically index these shares and so EFS would very quickly break them as they would not be able access the shares!
I am not sure if I understand what you're at. "Once the device is spun up and authenticated then I would have thought that it is more of a risk to have the data sucked from it using some sort of remote attack?" - I don't see how that question relates to using VMs, please clarify.
ASKER
It is more of a general encryption question I guess as opposed to being specifically about VM's. Would you say that just by their design and how VM's are configured they are more secure than a single box server which has all the drives, system and data in the same box. Whereas a VM could have the host connected to potentially multiple SAN's and so you would need to steal everything to reconstitute the whole system again?
Sure, agreed, only logical.
ASKER
Worked perfectly, thanks for your help McKnife
http://www.porticor.com/porticor-for-vmware/