none
securing vhdx files in clustered enviroment using encryption

    Frage

  • Hi all,

    So i read Aidan Finn blog on comparing vmware 5.1 to hyper-v 3.. 

    I write here cause it seems i can't comment this article anymore.. 

    link to article: http://www.aidanfinn.com/?p=13483

    Now in his blog Adian writes:

    Security

    My cousin works in the IT security world, often doing some very weird things.  When I first got into virtualisation, he had an interesting observation: Virtualisation assumes you have amazing physical security and you can trust your operators.  VHD(X) and VMDK are portable, therefore being easy to steal or copy.  That means that data in the computer room is easier to steal than ever.

    Windows Server 2008/R2 Hyper-V supported BitLocker (AES disk encryption) on non-clustered hosts.  That means the data is only visible to anyone who can log into the hosts.  You can steal those disks all you want; if I have a backup then I can recover and you’ll have no access to my encrypted VHD(X) files and the data contained within.

    WS2012 Hyper-V supports encrypting clustered disks too.  That means everything in a CSV can be safely encrypted when I have a cluster in a location that I can’t entirely trust, or if I just want to be sure.

    Enterprises value data security, right?

    and more importantly to me he states that we can also encrypt clustered disks too.. do anyone know what he means by that? how is this done?

    THANKS

    Casper


    "If you never ask you may never learn"

    Donnerstag, 12. September 2013 02:24

Antworten

  • Spending time in IT with financial institutions I know exactly what he is talking about.

    Read this:  http://blogs.msdn.com/b/clustering/archive/2012/07/20/10332169.aspx

    It will make him happy that you understand.

    BTW - when applying encryption, decide where you want to apply it, in a smart way.  Don't encrypt the physical and also encrypt within the OS of the VMs.  Do it at the place where it makes the most sense without undue overhead.


    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.
    Disclaimer: Attempting change is of your own free will.

    • Als Antwort vorgeschlagen VR38DETTMVP Donnerstag, 12. September 2013 21:09
    • Als Antwort markiert CasperDK Samstag, 14. September 2013 23:10
    Donnerstag, 12. September 2013 14:58

Alle Antworten

  • Spending time in IT with financial institutions I know exactly what he is talking about.

    Read this:  http://blogs.msdn.com/b/clustering/archive/2012/07/20/10332169.aspx

    It will make him happy that you understand.

    BTW - when applying encryption, decide where you want to apply it, in a smart way.  Don't encrypt the physical and also encrypt within the OS of the VMs.  Do it at the place where it makes the most sense without undue overhead.


    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.
    Disclaimer: Attempting change is of your own free will.

    • Als Antwort vorgeschlagen VR38DETTMVP Donnerstag, 12. September 2013 21:09
    • Als Antwort markiert CasperDK Samstag, 14. September 2013 23:10
    Donnerstag, 12. September 2013 14:58
  • Hi Brian,

    and thanks!! 

    :)


    "If you never ask you may never learn"

    Samstag, 14. September 2013 23:10