4

Having TPM 1.2 installed on 2x Dell x730, what options do I have to encrypt user and network data in a Failover Cluster? I see Windows Server 2016 allows passing the TPM through to the VM. https://charbelnemnom.com/2017/03/how-to-enable-virtual-tpm-vtpm-in-windows-server-2016-hyper-v-vm-hyperv-ws2016/ This allows encrypting the data at the VM level. Would encryption at the host level be more useful? According to an old Microsoft article https://technet.microsoft.com/en-us/library/cc974516.aspx , I "should use BitLocker Drive Encryption on all volumes that store VM files. This includes the VMs, virtual hard disks, configuration files, snapshots, and any VM resource, such as ISOs and VFDs." What if I use encryption at both the VM level and the Failover Cluster level? What performance should I expect, lower or the same?

P.Pauls
    If the VMs are already encrypted, why encrypt them again? – Michael Hampton Feb 27 '18 at 23:02
  • One technology worth considering to add as a layer of security is Shielded VMs. More info here: https://blogs.technet.microsoft.com/datacentersecurity/2016/03/14/windows-server-2016-shielded-vms-protecting-tenant-secrets/ However, the real answer to your question can't really be answered without knowing your requirements and your threat model. – Per von Zweigbergk Feb 28 '18 at 07:07

1 Answer

5
  1. The performance will fall anyway. No need for double encryption.
  2. I would not recommend using TrueCrypt forks.
  3. Configuring BitLocker on Cluster Shared Volumes does the job.
Strepsils
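As an added illustration of point 3 above (example code, not from the answer or from Microsoft's documentation): the sequence below enables BitLocker on one Cluster Shared Volume from a cluster node, using the cluster name object (CNO) as the key protector so that whichever node owns the disk can unlock it, plus a recovery password as the break-glass fallback. The resource name `Cluster Disk 1`, mount point `C:\ClusterStorage\Volume1` and the CNO account `CONTOSO\CLUSTER01$` are assumed placeholders; substitute your own.

```powershell
# Added example: BitLocker on a Cluster Shared Volume (CSV) with the cluster name object
# as the unlock protector. All names below are assumed placeholders. Run on the node that
# currently owns the disk, with the BitLocker feature installed on EVERY node of the cluster.

$resource   = "Cluster Disk 1"                  # assumed cluster disk resource name
$mountPoint = "C:\ClusterStorage\Volume1"       # assumed CSV mount point
$cno        = "CONTOSO\CLUSTER01$"              # assumed cluster name object; trailing $ is required

# BitLocker management cmdlets and the filter driver must exist on each node that may own the CSV.
Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools

# Place the CSV in redirected access (maintenance) mode so the owner node has exclusive
# access while the volume is being encrypted.
Suspend-ClusterResource -Name $resource -RedirectedAccess

# Encrypt with the CNO as the AD account/group protector: the cluster itself unlocks the
# volume on failover, without anyone typing a password on the node.
Enable-BitLocker -MountPoint $mountPoint `
    -AdAccountOrGroupProtector -AdAccountOrGroup $cno `
    -EncryptionMethod XtsAes256 -UsedSpaceOnly

# Add a recovery password and escrow it in AD DS so a volume can still be recovered
# if the CNO is ever reset or the cluster is rebuilt.
Add-BitLockerKeyProtector -MountPoint $mountPoint -RecoveryPasswordProtector | Out-Null
$rp = (Get-BitLockerVolume -MountPoint $mountPoint).KeyProtector |
      Where-Object KeyProtectorType -eq 'RecoveryPassword'
Backup-BitLockerKeyProtector -MountPoint $mountPoint -KeyProtectorId $rp.KeyProtectorId

# Wait for the initial encryption pass to finish before returning the CSV to direct I/O;
# with -UsedSpaceOnly this is proportional to the data already on the volume.
do {
    Start-Sleep -Seconds 30
    $vol = Get-BitLockerVolume -MountPoint $mountPoint
    Write-Host ("{0}: {1}% encrypted" -f $vol.VolumeStatus, $vol.EncryptionPercentage)
} while ($vol.VolumeStatus -ne 'FullyEncrypted')

Resume-ClusterResource -Name $resource

# Verify: protection should be On, with one AdAccountOrGroup and one RecoveryPassword protector.
Get-BitLockerVolume -MountPoint $mountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
(Get-BitLockerVolume -MountPoint $mountPoint).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

Two caveats worth checking before relying on this. First, host-level BitLocker on the CSV protects the VHDX files and configuration at rest (a disk pulled from the shared storage, a decommissioned node), but a host administrator or any process running on an owning node still sees the volume in the clear; that is the gap the Shielded VM / vTPM approach from the comments is meant to close, which is why the two are answers to different threat models rather than duplicates of each other. Second, the CNO protector only works while the node can reach a domain controller at unlock time, so keep the recovery password escrow current and test a cold start of the cluster after enabling it.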