Benedikt's Tech Blog

I am an VCF Admin and my Windows Server Team wants to Encrypt their Windows Servers VMs using BitLocker.

How can I help them to achieve this?

vCenter Setup

Setting up the vCenter Server is easy. In the Web Client just select the vCenter Server, Configure, Key Providers.

And click Add. You can select the “Native Key Provider” here.

After you created a Backup the key provider is active.

VM Configuration

Configure your Windows VM normaly and add a TPM device.

Windows Server Configuration

On a Windows Server we need to add the BitLocker Disk Encryption Feature using the Server Manager.

After that we can encrypt the drive.

A few Questions and Answers

Can someone Export the VM including the vTPM using the vSphere Web Client?

• No, exporting the VM, even as the SSO Administrator is not possible using the Web Client.

Can someone Export the VM including the vTPM using the Host Client?

• No, exporting the VM, even as root is not possible using the Host Client

Can someone Copy the files of the Datastore and use the VM then?

• Copy yes, using no.

---

You can reach me on mastodon: @BenOnVMs@vmst.io. You can follow this blog on the fediverse: @benedikt@ben-on-vms.com You can also reach me via E-Mail: vms@benediktfrenzel.de If you like, you can also book a quick call with me

Now Skyline is gone for a while, you as a TAM Customer might want to get the nice and shiny vSphere Insights Report again, and ask yourself: “What can I do to help my favorite TAM?”

Well, the solution is simple, provide them with an Export from the TAM Data Manager.

Some of you might still remember it, and it is back, now with support for VCF and vSphere 8.

So let us deploy the TDM and make your TAM happy.

Download and Deploy

Firstly, the easiest way to get the current .ova for your deployment would be to ask your TAM if they can provide it, but if you want to surprise them here is a link to the public download. (I try to keep it up-to-date).

Now we have a nice .ova, so login to a vCenter that should host the TDM in my case vcenter-01.beerlab.tech.

Select the Datacenter you would like to deploy the TDM in, and upload the OVA

Select where to run the VM

Select the storage for the Appliance

Select a port group that has access to your Management Networks.

Configure the Network Settings or leave it blank for DHCP.

Double-check the Configuration.

Hit “Finish”, and run to the coffee machine to grab a quick refreshment.

Creating your Project

Now the TDM is deployed, and you can access the web interface on port 8443.

And as you are most likely a customer, hit the button “Enter as Customer”

You are now greeted with the Project overview.

As this is quite empty, you should create a “new TAM CI Project”, highlighted below.

This will open the project wizard, and you can start selecting the appropriate settings, but please do yourself and your TAM a big, big favor and do not select “ Anonymize data”

Continue with adding your vCenters. Here, you can also select to apply a set of credentials to multiple vCenters.

With the wizard completed, you can now navigate to your project and check on the collection status.

Exporting the Data and Sending them to your TAM

When the collection is done, you only need to export the project and send it on to your TAM.

This will download a file without a file extension, in my case it is called tdm-export-project-Beer Lab Technologies.

The to make sure the e-mail server like it, just compress the project file to a zip and send it on its way.

That's it, you now have a working TDM and your TAM can make you nice reports again.

---

You can reach me on mastodon: @BenOnVMs@vmst.io. You can follow this blog on the fediverse: @benedikt@ben-on-vms.com You can also reach me via E-Mail: vms@benediktfrenzel.de If you like, you can also book a quick call with me