Amazing Charts User Board
Most Recent Posts
Labs and Diagnostics.
by SoCalFP
Today at 05:44 AM
E-Rx with Exostar, as Verizon will no longer support Controlled E-Rx
by Bert
Today at 12:07 AM
Anti-Virus on Server?
by Shrinkrap
Yesterday at 07:40 PM
NEWCrop message
by Bert
Yesterday at 07:36 PM
Has anyone seen this message??
by Indy
Yesterday at 02:50 PM
C-CDA not importing
by DocMark
01/17/18 11:34 PM
AC v 10 GA release
by [email protected]
01/17/18 03:44 PM
MACRA/MIPS requirements for 2018
by Bert
01/17/18 08:40 AM
Quality Payment Program Year 2: MIPS Highlights
by Bert
01/16/18 10:24 PM
eClinicalWorks sued for $1 billion
by JamesNT
01/16/18 10:08 PM
Praxis
by Boondoc
01/16/18 06:26 PM
Soapware
by Dru
01/16/18 05:43 PM
Updox Faxing service
by jimmie
01/13/18 04:15 AM
Removal of default FRONTDESK, etc. users (AC v8.30)
by kurt
01/13/18 01:58 AM
Cant install AC on Windows 10
by ryanjo
01/12/18 02:00 AM
Topic Options
#72157 - 12/28/17 02:39 PM Bitlocker and Server
GoBruins Offline
Member

Registered: 08/30/12
Posts: 389
Hi all,

I'm about to Bitlocker the AC server. Is this common practice for everyone?

It's an ESXi VM running Windows Server 2012 Std.

Good idea? Bad idea? Any potential pitfalls?

Thanks.
_________________________
Gianni

Top
#72158 - 12/28/17 05:49 PM Re: Bitlocker and Server [Re: GoBruins]
Sandeep Offline
G

Registered: 04/14/11
Posts: 2206
Loc: California
You can't Bitlocker an ESXi server. ESXi is VMWare's bare metal Hypervisor. You can however use bitlocker on a windows machine with VMWare workstation.

Server 2016 supports virtual TPM which allows you to encrypt the VM itself.

There's no coming back if you lose the encryption keys. Store it in multiple places if possible.
_________________________
Sandeep Luthra | Sandeep@LTMedical.net
www.LTMedical.net | (888) 285-8812

Top
#72159 - 12/28/17 09:03 PM Re: Bitlocker and Server [Re: GoBruins]
GoBruins Offline
Member

Registered: 08/30/12
Posts: 389
Hi,

The Win 2012 Server is a guest OS residing in an ESXi host.

If Bitlockered, what happens to any backup files that it generates? Are those encrypted as well?
_________________________
Gianni

Top
#72160 - 12/29/17 01:59 AM Re: Bitlocker and Server [Re: GoBruins]
JamesNT Offline
Member

Registered: 12/30/09
Posts: 975
Loc: North Carolina
Bitlocker encrypts the operating system's fixed disks only. The encryption does not transfer to removable media or backups. They are unencrypted. The backup software you use is responsible for providing backup encryption. And what Sandeep said applies here as well: keep those decryption keys safe, Safe, SAFE. If you lose them, you lose it all.

JamesNT
_________________________
James Summerlin
My personal site: http://www.dataintegrationsolutions.net

Top
#72161 - 12/29/17 03:50 AM Re: Bitlocker and Server [Re: JamesNT]
Sandeep Offline
G

Registered: 04/14/11
Posts: 2206
Loc: California
Originally Posted By: JamesNT
Bitlocker encrypts the operating system's fixed disks only. The encryption does not transfer to removable media or backups. They are unencrypted.


You can use Bitlocker-to-Go to encrypt your detachable backup drives. Auto-unlock works on removable drives as well. So it can auto-unlock on reboot. It's not enabled by default. You can enable it in the Bitlocker Control Panel.

*Applies to Windows Hypervisors/Hosts only*
_________________________
Sandeep Luthra | Sandeep@LTMedical.net
www.LTMedical.net | (888) 285-8812

Top
#72162 - 12/29/17 03:54 AM Re: Bitlocker and Server [Re: GoBruins]
Sandeep Offline
G

Registered: 04/14/11
Posts: 2206
Loc: California
Originally Posted By: GoBruins
The Win 2012 Server is a guest OS residing in an ESXi host.


Microsoft does not support using Bitlocker on a bootable partition of a virtual hard disk.

https://kb.vmware.com/s/article/2036142

You can however encrypt the data partitions of your virtual hard disk.


_________________________
Sandeep Luthra | Sandeep@LTMedical.net
www.LTMedical.net | (888) 285-8812

Top
#72163 - 12/29/17 02:48 PM Re: Bitlocker and Server [Re: GoBruins]
JamesNT Offline
Member

Registered: 12/30/09
Posts: 975
Loc: North Carolina
While Sandeep is correct about Bitlocker-to-Go, when it comes to Transport Security (e.g. thumb drives and USB drives), my recommendation would be to utilize an Apricorn drive. They are far easier to use if you need to carry data securely from your network to another network or to a non-Windows computer.

https://www.apricorn.com/

You can buy them on Amazon.

JamesNT
_________________________
James Summerlin
My personal site: http://www.dataintegrationsolutions.net

Top
#72164 - 12/29/17 09:28 PM Re: Bitlocker and Server [Re: GoBruins]
GoBruins Offline
Member

Registered: 08/30/12
Posts: 389
Thanks all.
_________________________
Gianni

Top

Moderator:  Indy, JBS, Sandeep 
Shout Box

Who's Online
0 registered (), 9 Guests and 13 Spiders online.
Key: Admin, Global Mod, Mod
Top Posters
Bert 11269
JBS 2498
Sandeep 2206
Wendell365 2192
Leslie 2002
ryanjo 1998
Wayne 1889
Indy 1730
Steven 1718
hockeyref 1669
Newest Members
MDL, DaProfet, catdba, RSM, [email protected]
4429 Registered Users
Forum Stats
4429 Members
16 Forums
7883 Topics
70874 Posts

Max Online: 186 @ 11/25/17 05:44 AM