Is this a safe thing to do?

Is the host pagefile the only hard disk place where guest ram data can appear, ie registry and temp files are not an issue?

Guest is linux mint. Its .vmdk resides in a truecrypt container. (EDIT: vmdk uses full-drive encryption). Host system partition cannot be encrypted because disk is uefi (this is not supported by truecrypt, only by $125 commercial closed-source bestcrypt).

I don't think you really want to turn off the page file in windows unless you really have a lot of RAM (which always makes sense when virtualizing).

If your Guest is Linux, why not the host? This would allow you to put /tmp and swap to encrypted drives as well and thus making guest RAM not being written in plain text to the host.

Passwords from your guest will not show up in the hosts registry or temp files. Only the guest's RAM could be dumped to the host by suspending it (or by swap to guest filesystem).

If you want to increase your safety, try to find a linux distribution that will boot from CD or DVD, where you can install workstation into. (Yeah, I know you'd have to install it EVERY TIME), but then you could simply access your .vmx and boot your VM. This way, you can be sure that the host will not safe anything to disk.

Hope this helped.

Sysfried

Guest holds private data and that is why linux is used - perceived as more secure. Also for internet access in other VM's. But for everyday tasks offline in the host (like outlook, excel, word, autocad) windows makes me more productive so I would be reluctant to make linux the host. And a liveCD with vmware workstation in it is probably too hard for me to create and update.

What if all temp folders are cleared as part of a shutdown command? And the pagefile deleted at boot time?

Well, in that case, putting your VM (including .vmx files) into a Truecrypt Container would make it safe. It would contain the VMs pagefile.

For safety, when you shutdown your guest, all memory will be cleared even from the host.

Hope it helped,

Sysfried

If the host runs out of ram while the guest is running, won't the host store some guest ram into the host pagefile?

Well, the "paging" behavior of windows is rather simple. It will always try to put the memory of unused processes to the pagefile, so active applications get more ram.

In your case, windows will put system processes and whatever you have running onto the pagefile (those will free up small portions of your total RAM).

Since your VM will have a rather large memory footprint, it is very unlikely that it's being put to the pagefile since it will be active (requesting cpu time frequently) and the large memory consumption will avoid it from being put to the pagefile in the first place.

Although, let's say you have 196 GB RAM and your VM is one out of 50, where others have larger footprints and your VM is mostly idle or maybe even in suspend, you could end up having the guest memory being put onto your pagefile. But be honest, that's not the case and if you had 196 GB of RAM, you'd turn off pagefile entirely (besides that 64 MB minimum or so) 😉

So, no worries.

Cheers,

Sysfried

Thanks. For my security purposes, "very unlikely" [that the VM ram is put to the pagefile of the host] is not good enough. This PC has 32 GB of ram, which seems a lot, but it would be shame not to use it all. Do I disable the host pagefile or not? Can't I just scrub the pagefile (securely erase it) at boot time?

Simple fix for a clean pagefile at shutdown:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

Name: ClearPageFileAtShutdown

Werttyp: REG_DWORD

Wert: 1

will clean your pagefile at host shutdown. (might increase the shutdown time).

> Thanks. For my security purposes, "very unlikely" [that the VM ram is put to the pagefile of the host] is not good enough.

Your question can not be answered without knowing your settings for
mainmem.useNamedFile and mainmem.backing

Just tried ClearPageFileAtShutdown with a 32 GB pagefile. It takes 4 minutes to shut down. A last resort really, but perhaps the only safe solution so far.

Continuum, the idea is to never suspend the VM, because both the host pagefile and the vmx directory are unencrypted so we don't want guest ram to be stored in either place. What should mainmem.backing be?

Is there a parameter to disable suspend, just in case I forget that I must never suspend VM's holding sensitive data (in guest-encrypted format)?

Is there a parameter to demand that the VM's ram is never paged out or stored anywhere?

Is there a way to tell windows 7 to run the vmware process differently so it never pages out?

> Your question can not be answered without knowing your settings for mainmem.useNamedFile and mainmem.backing

What is the answer if mainmen.useNamedFile = false and mainmem.backing = swap?

Found Drive Vaccine which effectively erases any changes made to the host system partition (including the pagefile and any temp files and caches) at every shutdown - tested this with a subsequent liveCD session and dd found no trace in the raw sectors. Last point of concern is the directory where the .vmx resides, don't want to erase changes in its partition. What should be done with this?

Thanks. An answer can be pieced together then:

• mainmem.useNamedFile = "false"
• suspend.disabled = "true"
• ClearPageFileAtShutdown to 1 to erase pagefile at shutdown
• Pagefile to start from 16 MB and grow, so it is erased fast
• Truecrypt full-disk encryption in the VM, with the default bios and not uefi because truecrypt does not support uefi
• Optional: non-persistent VM disk, if VM needs internet access
• Optional: drive vaccine in the host for non-persistency of system partition, if host needs internet access

Hope there aren't any holes in vmware-created files in the .vmx folder.