Windows Server VM with BitLocker Encryption with vTPM and the Native Key Provider
I am a VCF admin and my Windows Server team wants to encrypt their Windows Server VMs using BitLocker.
How can I help them achieve this?
vCenter Setup
Setting up the vCenter Server is easy. In the Web Client, select the vCenter Server, then Configure, then Key Providers.
Click Add. You can select the “Native Key Provider” here.
After you have created a backup, the key provider is active.
VM Configuration
Configure your Windows VM normally and add a TPM device.
Windows Server Configuration
On a Windows Server we need to add the BitLocker Disk Encryption Feature using the Server Manager.
After that we can encrypt the drive.
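The same Windows-side steps can be scripted. The following PowerShell is an added example, not part of the original post; it assumes the OS volume is C: and picks XtsAes256 with used-space-only encryption for illustration. It also adds a recovery password, which should be stored outside the VM.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Server Manager steps.
# Assumptions: OS volume is C:, XtsAes256 and -UsedSpaceOnly are illustrative choices.
$mount = 'C:'

# 1. Install the BitLocker feature if it is missing. A reboot is needed before use.
if (-not (Get-WindowsFeature -Name BitLocker).Installed) {
    Install-WindowsFeature -Name BitLocker -IncludeAllSubFeature -IncludeManagementTools | Out-Null
    Write-Warning 'BitLocker feature installed. Reboot, then run this script again.'
    return
}

# 2. Confirm the guest sees the vTPM that was added in the VM configuration.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'No ready TPM found. Check that the VM has a TPM device.'
}

# 3. Encrypt only if the volume is still fully decrypted (keeps the script re-runnable).
$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    # Recovery password first, so a fallback exists if the vTPM is ever unavailable.
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
    # TPM protector: the volume unlocks automatically while the vTPM is present.
    # Windows may ask for a reboot to run its hardware test before encryption starts.
    Enable-BitLocker -MountPoint $mount -EncryptionMethod XtsAes256 `
        -UsedSpaceOnly -TpmProtector | Out-Null
}

# 4. Report status and the protectors now on the volume.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol | Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus,
    @{ Name = 'Protectors'; Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } }

# 5. Show the recovery password so it can be recorded outside the VM.
$vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword
```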
A few Questions and Answers
Can someone export the VM including the vTPM using the vSphere Web Client?
- No, exporting the VM, even as the SSO Administrator, is not possible using the Web Client.
Can someone export the VM including the vTPM using the Host Client?
- No, exporting the VM, even as root, is not possible using the Host Client.
Can someone copy the files from the datastore and then use the VM?
- Copying, yes; using, no.
You can reach me on Mastodon: @BenOnVMs@vmst.io. You can follow this blog on the fediverse: @benedikt@ben-on-vms.com. You can also reach me via e-mail: vms@benediktfrenzel.de. If you like, you can also book a quick call with me.