Whitepaper: Windows Server 2008 Hyper-V and BitLocker Drive Encryption

For over a year Microsoft has suggested using its BitLocker encryption technology to secure virtual machines on Virtual PC or Virtual Server 2005 hosts.

Now the company has released an official 17-page document explaining how to adopt the same technique with the new Hyper-V 1.0.

While the need to secure a virtual machine's content exists, the approach Microsoft recommends is not necessarily the best one.

In fact, while it enforces encryption, BitLocker, which uses hardware and firmware capabilities (like the TPM), hinders the mobility of any secured virtual hard disk.
Any attempt to migrate the VM from one host to another would result in an unreadable guest OS, negating one of the fundamental properties of virtualization: mobility.

In some environments customers may want exactly this, preventing any movement of any virtual machine, but a different approach is possible, one where the encryption layer follows the VM.

Microsoft obtained the tools to achieve such a goal in March, with the acquisition of Kidaro.
Now it’s a matter of applying the technology to Hyper-V.