Contributor

Really secure encryption of VMs? VeraCrypt in Guest OS or something else?

Hello,

I have some VMs which I want to fully encrypt. They are all Windows 10 64 Bit.

Currently I am using VeraCrypt "Full System Disk Encryption" in the guest OS. Additionally, I reserve all RAM of the VM, so that no swap files or anything like that end up unencrypted on the disks.

If someone steals my physical server or copies the data files, he should not be able to read any data from my encrypted VMs.

At the moment I think I am protected against that with my solution (VeraCrypt + all guest RAM reserved).

The only disadvantage of this is that I have to enter the boot password on every encrypted VM each time I boot that VM. That's the reason why I am looking for a more comfortable solution.

Is there anything you could suggest? I would prefer a solution where I only have to enter a password at every boot of ESXi to unlock a fully encrypted datastore, and store the sensitive VMs in that datastore. Is that possible? Or would you suggest something else?

2 Replies
User Moderator

Did you already look at the option which comes with vSphere 6.5? See What's new in vSphere 6.5: Security

André

Contributor

Yes, thank you.

The VM Encryption looks very interesting, but needs a KMS to work?

Do you know if one could also use that with just a strong password?

Otherwise I thought about the following:

Install a KMS in a VM on my ESXi and do a full system encryption with VeraCrypt in my KMS VM.

So after a reboot of my ESXi I only have to enter the boot password of the KMS VM to boot. After that, all encrypted VMs should be accessible and could be booted every time without the need to enter a boot password.

That would work, or what do you think?

But I would need a key server installation under Windows, where I can do a full system encryption using VeraCrypt. So far I have not found any key server solution for my test environment :(
