Tip

VMware Workstation encryption prevents unauthorized VM access

VMware Workstation's encryption feature can protect sensitive data from unauthorized users. Get familiar with your options under Workstation's Access Control virtual machine settings for encryption as well as restriction.

Encryption

    Requires Free Membership to View

protects the contents of a virtual machine (VM), while restriction limits how much users can modify the VM. In a production environment, you don't want VMs to boot up without the appropriate password, because unauthorized users could obtain sensitive data.

Figure 1. The VMware Workstation Access Control link is how you'll change the encryption and restriction options for a VM.

Users enter a decryption password to access an encrypted VM. Without the decryption password, the VM's VMDK files are scrambled and inaccessible. VMware Workstation encryption goes beyond a boot password on physical computing hardware. With a physical computer, you can simply take out the hard drive and install it somewhere else to gain access to the contents.

How to create an encrypted virtual machine

You can only encrypt a VM once it finishes installation. Once the VM is installed, shut it down, then select it from the VMware Workstation main interface. Click "Edit virtual machine settings" and open the Options tab. In the list of available options, you'll see "Access Control" with all options disabled (see Figure 1).

Locked and loaded: Enhance VM security

Memorize VM security best practices

Never let these five VMware breaches happen

Become a vShield expert

Secure VMs like servers

Learn about View security

Click "Encrypt" and enter an encryption password (you'll have to enter it twice). Depending on the VM size and host machine's processing power, this encryption process may take a long time -- up to hours on large configurations. Once encryption wraps up, you'll enter the password again before booting up the virtual machine.

At some point, you may want to remove encryption from a VM, such as when moving a VM from Workstation to vSphere. A VM created in the relatively unsecure personal workstation environment can be encrypted, then decrypted for use in the protected vSphere data center environment. VMware does not support uploading encrypted VMs to a remote server, so encryption must be removed before that VM moves to vSphere. You'll need to remove encryption to share the VM with other users, since the encryption algorithm incorporates the local computer's information. Multiple computers cannot share access to an encrypted VM.

Figure 2. This is how to remove encryption from a VM or change the encryption password in Workstation.

You can remove encryption as easily as adding it. In the VM properties, click "Edit virtual machine settings." Enter the password and deselect the encryption option to remove encryption from the VM completely. This same interface is where you can change the encryption password.

Some administrators might expect encryption to have a detrimental impact on VM performance, but this is not the case. At the moment when you unlock the VM, the encryption key activates additional calculations. Once opened, however, the VM's contents are accessible like on any normal machine.

While VMware Workstation encryption helps to better protect virtual machines, there are some risks and limitations involved. If you lose the password, for example, you cannot access the encrypted VM or its contents. Encrypting VMs also prevents work in shared environments, including uploads from Workstation to vSphere and multiuser access situations within Workstation.

This was first published in January 2013

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.