[NTSysADM] RE: encrypting Server 2008 R2 virtual disk

[Ken Cornetet]

Nope, not unless you wanted TrueCrypt to use a file on the USB drive as it's 
key (mp3 files work well for this - lots of entropy).

Actually, I think creating an encrypted volume within your windows server is 
the best approach.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jimmy Tran
Sent: Friday, January 17, 2014 9:26 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: encrypting Server 2008 R2 virtual disk

I could present a second HD volume to Windows, format and encrypt through 
Windows with TrueCrypt I suppose.  Don't I need a usb key to be plugged in for 
the encryption to work?  I haven't really worked with encryption before.  I'll 
need to do more research to see how TrueCrypt works.



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet
Sent: Friday, January 17, 2014 6:18 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: [NTSysADM] RE: encrypting Server 2008 R2 virtual disk

A couple of thoughts:


1.       Does the whole Windows server need to be encrypted? Can't you just use 
TrueCrypt to create an encrypted volume inside windows, then mount it as a 
drive letter and store you sensitive data there?

2.       If the whole server does indeed need to be encrypted, you could set up 
another server (could  be virtual), use TrueCrypt to create an encrypted 
volume, then export that disk volume via NFS. In ESX, mount that NFS disk and 
create your protected machine there. Obviously, you'd need to insure that the 
NFS server virtual boots first, and that the TrueCrypt volume gets mounted 
before booting the protected windows server.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jimmy Tran
Sent: Thursday, January 16, 2014 9:48 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] encrypting Server 2008 R2 virtual disk

I have a client who needs to comply to HIPPA requirements and encrypt their 
data.  The windows server 2008 r2 is a guest on ESXi 5.5.  I looked at bit 
locker and although vmware doesn't support it, it can still be done.  The data 
is currently planned to reside on the local datastore.  Encrypting the entire 
data store would be ideal but I'm not aware of any tools to do this.

Does anyone have any recommendations?

Thanks,

Jimmy