VMware Communities
howdena
Contributor
Contributor
‎09-03-2013 08:28 AM

VMWare Fusion 5 (.0.3) and a Windows 7 VM that I'd like to run Symantec PGP Whole Disc Encryption on

Hello,

Our company demands that our laptops run Symantec's PGP Whole Disk Encryption software and I want to know if I can do this safely within a VM.

I have already virtualised my work laptop into a .vmware file using the PC2MAC utility and it run up just fine on my MacBook Air. (I still can't get over how truly awesome this all is!) Anyway, when the Windows 7 VM boots I'm prompted to encrypt the "whole disk" using the PGP WDE software (as our sys admins have made this mandatory). At the moment I keep dismissing this prompt but in truth I'd like to do it - then I'd be totally complying with our IT policy so that if the MacBook was ever lost or stolen it'd be very hard to get anything off of. But, is this action a safe thing to do?

Has anybody tried PGP WDE within a Fusion 5 VM? I understand that it replace bits of the MBR and I really don't want to brick my MacBook. I'd hope that PGP WDE couldn't get outside of the .vmware file that the VM has and the that MBR is within that .vmware file and so this should be fine, but I am loathe to try without knowing whether this is a sensible/safe thing to attempt.

Your thoughts/ideas very welcome.

Andy

0 Kudos
2 Replies
WoodyZ
Immortal
Immortal
‎09-03-2013 09:27 AM

The bottom line is if you're running a corporate image that requires encryption then you have no other choice, now do you!?  So encrypt it and be done with it as it's not going to brick your Mac since this is being done in the Virtual Machine to the Virtual Hard Disk not to the Host OS and or Physical Disk itself! Smiley Wink

0 Kudos
ColoradoMarmot
Champion
Champion
‎09-03-2013 02:37 PM

1) Most corporate standards require that the host be encrypted, not just the guest (since guests leak lots of information).  Check with your security policy folks.  BTW - do not run the Fusion encryption option.  FileVault2 on the host is a better option than encrypting a guest.

2) PGP encryption does work within a VM on Fusion 5.  Make a copy before you encrypt as a backup, and remove all previous snapshots.  Be warned:  It will fully expand the entire virtual disk when it encrypts.  A 40GB disk takes 40GB even if you only have 10GB used).  You may be limited in your ability to upgrade to Fusion 6 (i.e. things may break), so make sure you backup and test.

Please do remember that this may make your warning go away, but it is NOT a secure configuration.

0 Kudos