Bitlocker or vm encryption for RODC server core

Vinothraj D 41 Reputation points
2023-05-08T12:56:40.36+00:00

Hi Team,

We are planning to migrate our physical DC to an RODC on Server Core in a virtualized environment. There is a client requirement to enable BitLocker in our RODC Server Core VM, but as far as my knowledge goes, instead of going for BitLocker, why don't we consider VM encryption, which will fulfill the same purpose of protecting against a stolen data disk? Could someone please suggest which could be the best option with respect to encryption, performance and server management, whether BitLocker or VM encryption?

If BitLocker is the best option, please share some best-practice guides for implementation.

Note: we are using virtualization platform as VMware.


Accepted answer
  1. Sumarigo-MSFT 44,336 Reputation points Microsoft Employee
    2023-05-09T09:32:11.0033333+00:00

    @Vinothraj D Welcome to the Microsoft Q&A Forum, and thank you for posting your query here!

    Firstly, are you using Azure VMware Solution in your scenario, since you have posted under the Azure Disk Encryption tag?

    However, let me share some insights on your query: both BitLocker and VM encryption provide data encryption solutions to protect against data breaches in case of stolen data disks. However, there are some differences to consider when deciding which option to choose.

    BitLocker is an encryption tool provided by Microsoft and is used to encrypt data at rest on a disk volume. It can be used on both physical and virtual machines and provides a high level of security for data on the disk. BitLocker is easy to use and manage as it is integrated with Active Directory and Group Policy, making it easy to deploy and manage for large-scale deployments. However, BitLocker can potentially cause some performance degradation as it has to decrypt the data on the fly when accessed.

    On the other hand, VM encryption is a feature provided by the virtualization platform, in this case, VMware, and provides encryption of virtual machine disks. VM encryption is transparent to the guest operating system, and hence, it is easy to deploy and manage as well. VM encryption provides granular control of the encryption keys, and hence, it provides better security. However, VM encryption may have some impact on the performance of the virtual machine, and it may require additional resources to handle the encryption and decryption process.

    In conclusion, both BitLocker and VM encryption provide strong data encryption solutions, and the choice between the two will depend on the specific needs and requirements of the organization. If ease of deployment and management is a priority, then BitLocker may be a better option, while if granular control of encryption keys and better security is required, then VM encryption may be the way to go.

    As for best practices for BitLocker implementation, Microsoft has provided a comprehensive guide that can be found here: "Prepare an organization for BitLocker: Planning and policies". This article for the IT professional explains how to plan a BitLocker deployment.

    Please let us know if you have any further queries. I’m happy to assist you further.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

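One way to implement the BitLocker option on a Server Core VM, as an added PowerShell example that is not part of the original thread. It assumes a vSphere vTPM is presented to the guest (on vSphere a vTPM itself requires a key provider, i.e. VM Encryption, to be configured, which is worth weighing against the question above), that C: is the OS volume, and that the RODC can reach a writable DC so the recovery password can be escrowed in AD DS.

```powershell
# Added example (not from the original post): prepare a Server Core RODC VM for
# BitLocker with a TPM protector and an AD DS-escrowed recovery password.
# Assumptions: vTPM present, C: is the OS volume, the GPO "Store BitLocker recovery
# information in Active Directory Domain Services" applies to the RODC's OU, and a
# writable DC is reachable for the escrow write.

# 1. Install the BitLocker feature. Server Core has no GUI, so everything is done
#    with the BitLocker cmdlets. A reboot is required before continuing.
Install-WindowsFeature -Name BitLocker -IncludeAllSubFeature -IncludeManagementTools
# Restart-Computer   # uncomment when running interactively; re-run from step 2 after reboot

# 2. Confirm the guest actually sees a ready TPM before relying on a TPM protector.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "No ready TPM in the guest: add a vTPM to the VM, or use a password/startup-key protector instead."
}

# 3. Enable BitLocker on the OS volume with a TPM protector. XTS-AES-256 and
#    used-space-only are appropriate for a freshly built VM; -SkipHardwareTest
#    avoids the extra hardware-test reboot.
Enable-BitLocker -MountPoint 'C:' -EncryptionMethod XtsAes256 -TpmProtector `
    -UsedSpaceOnly -SkipHardwareTest

# 4. Add a recovery password and escrow it in AD DS, so a vTPM change (VM restored
#    or migrated without its TPM state) does not lock you out of the DC.
Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector | Out-Null
$vol = Get-BitLockerVolume -MountPoint 'C:'
$rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $rp.KeyProtectorId

# 5. Verify: protection on, encryption progressing, both protector types present.
Get-BitLockerVolume -MountPoint 'C:' |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage,
        @{ n = 'Protectors'; e = { ($_.KeyProtector.KeyProtectorType) -join ',' } }
```

Keep the escrowed recovery password under the same change control as the domain's other DC secrets, and check the computer object in AD for the msFVE-RecoveryInformation child object after step 4 before treating the VM as protected.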
