I want to encrypt a MacBook Pro that I run Windows on using VMWare Fusion 5 (the consumer version, unless I see a reason to get the new business version). There are three approaches that I'm aware of:
1) Use FileVault to encrypt basically the whole MacBook.
2) Use VMWare's enable encryption feature on the VM itself.
3) Use BitLocker on the guest Windows operating system.
Choice 3 doesn't seem to make a whole lot of sense since 2 is probably just as secure and simpler. Choice 1 is the most attractive because I'm not just encrypting the VM, so the answer to the question "is your laptop encrypted" is simpler and definitive. But, I recently read that encrypting the host OS is not recommended for performance reasons.
I didn't learn about Choice 2 until recently, but it is evidently the most supported option and it's the recommendation I expect to receive in the VMware community, I suppose. What are the performance implications of enabling encryption on the VM itself? How do these compare to the performance implications of Choice 1? I guess I'm having a hard time understanding how they could be very different.
I'm not sure if it matters, but the MacBook with have an SSD. Thanks.
> I didn't learn about Choice 2 until recently, but it is evidently the most supported option and it's the recommendation I expect to receive in the VMware community, I suppose.
After trying to repair broken encrypted VMs several times I tell all my customers NOT to use VMware encrypted VMs unless
- you regard the data inside the VM as expendable
- you use one piece preallocated vmdks
- you create daily backups of the vmx-file
I would use your option 1
3 isn't secure because the virtual memory file is written unencrypted. 1 is hands-down the best option. Very very little performance hit, and it just works.
Make sure you have a good backup of the disk before encrypting, and write down your recovery key when it's provided.
Option 1 is what I ended up doing. It works great and I have no performance issues related to this. Thanks.
I use option 1 (Mac OS FileVault to encrypt basically the whole MacBook) w/o problems.