Conquering the Top 5 Enterprise Data Protection Challenges

Today's datacenters face a gauntlet of challenges including protection of physical and virtual environments, fast recovery of data, reducing backup times and storage requirements, server consolidation, and disaster recovery..

Find out how savvy CIO's are conquering these types of challenges in this WHITE PAPER by vExpert, David Davis

Friday, 21 September 2012

Encrypting and Restricting VM in VMware Workstation 9.x


Encrypting and Restricting VM in VMware Workstation 9.x


Recently VMware released a new version of VMware Workstation. This new version offers some new functionality and features and one such feature is the ability to Encrypt and Restrict virtual machines within Workstation 9.x.


Encrypting a virtual machine secures it from unauthorized use. To decrypt a virtual machine, users must enter the correct encryption password. Restricting a virtual machine prevents users from changing configuration settings unless they first enter the correct restrictions password. You can also set other restriction policies.

When you encrypt a virtual machine, Workstation prompts you for a password. After the virtual machine is encrypted, you must enter this password to open the virtual machine or to remove encryption from it. Workstation displays the encrypted virtual machine with a lock icon until you enter the password to open the virtual machine.

If you also enable restrictions, users are prevented from modifying the virtual machine. For example, you can enable restrictions to prevent users from removing virtual devices, changing the memory allocation, modifying removable devices, changing the network connection type, and changing the virtual hardware compatibility.

A password prompt appears whenever anyone performs any of the following actions on the virtual machine:

  • Clicks Edit virtual machine settings or Upgrade Virtual Machine on the virtual machine summary tab
  • Double-clicks a virtual device in the Devices list on the virtual machine summary tab
  • Selects the virtual machine and selects VM > Settings or VM > Manage > Change Hardware Compatibility from the menu bar
  • Clicks or right-clicks on a removable device icon to edit its settings
  • Uses a Removable Devices > device_name menu to edit the settings for a device

IMP NOTE: Encryption applies to all snapshots in a virtual machine. If you restore a snapshot in an encrypted virtual machine, the virtual machine remains encrypted whether or not it was encrypted when the snapshot was taken.

If you change the password for an encrypted virtual machine, the new password applies to any snapshot you restore, regardless of the password in effect when the snapshot was taken.

Virtual Machine Encryption Limitations
  • You must power off a virtual machine before you add or remove encryption or change the encryption
    password.
  • The encryption feature supports virtual machines that have virtual hardware version 5.x or later only.
  • You cannot create a linked clone from an encrypted virtual machine.
  • If more than one unencrypted virtual machine shares the same virtual disk and you encrypt one of the virtual machines, the virtual disk becomes unusable for the unencrypted virtual machine.
  • You cannot encrypt a shared or remote virtual machine.
  • You cannot upload an encrypted virtual machine to a remote server.

Steps to Encrypt a VM

Power OFF the VM if it is in the Power ON State

Power OFF VM

Select the virtual machine and select VM > Settings.

Viewing the Settings Wizard of your Virtual Machine

On the Options tab, select Access Control.

Selecting Access Control in the Options Tab

Click Encrypt.

Selecting Encrypt Option

Type the "encryption password" and click Encrypt.
IMPORTANT Make sure that you record the encryption password you use. If you forget the password, Workstation does not provide a way to retrieve it.

Providing Encryption Username and Password

Workstation begins encrypting the virtual machine. After the encryption process is complete, you can optionally set a restrictions password.

Encryption in Progress

To turn on restrictions, use the controls in the Restrictions section of the panel.
IMPORTANT Make sure that you record the restrictions password you use. If you forget the password, Workstation does not provide a way to retrieve it.

Click OK in the Virtual Machine Settings dialog box.

Remove Encryption from a Virtual Machine

Power OFF the virtual machine if it is in the Power ON State


Select the virtual machine and select VM > Settings.


NOTE: It may prompt you to enter the Password set during the Restriction settings phase. Enter that Password


If you have previously selected Restriction in your Access Control, then you will have to first remove Restriction. 
Simply de-select the Restriction Option as shown


On the Options tab, select Encryption.
Click Remove Encryption.


Type the "encryption password".
Click Remove Encryption.


Workstation now begins decrypting the virtual machine.

 
Once done, your VM will not be encrypted or restricted for use.