VMware Workstation encryption technology prevents unauthorized access to virtual machines

The encryption feature of VMware Workstation prevents unauthorized users from accessing sensitive data of virtual machines. This article introduces the configuration and limitations of using Workstation encryption technology to control virtual machine access.

Encryption protects virtual machines and limits modifications to virtual machines. In the production environment, you do not want to start the virtual machine without obtaining the correct password, because unauthorized users may obtain sensitive data.

Figure 1. The VMware Workstation access control link is used to configure encryption and restriction options for virtual machines

You must enter the decryption password to access the encrypted virtual machine. Without a decryption password, you cannot access the VMDK file of the encrypted virtual machine. VMware Workstation encryption is based on the Startup Password of the physical computing hardware. For a physical computer, you can easily retrieve its hard disk and install it in any location to access the data on the hard disk.

How to create an encrypted virtual machine

You can encrypt a VM only after it is installed. After the installation is complete, close the virtual machine, select the virtual machine in the main interface of VMware Workstation, and click "Edit Virtual Machine Settings" to open the tab. Then select the "Access Control" option, as shown in Figure 1 ).

Click "encrypt" and enter the encrypted password twice ). The encryption duration is related to the size of the Virtual Machine and the processing capability of the host. The time may be long-some may be several hours. After the encryption process is complete, enter the password again before starting the VM.

Sometimes you may want to remove the encryption attribute of a virtual machine, for example, when migrating a virtual machine from Workstation to vSphere. You can encrypt virtual machines created in an insecure personal workstation environment. Decrypt the VM when it is used in the protected vSphere data center environment. VMware does not support uploading encrypted virtual machines to remote servers. Therefore, you must remove the encryption attribute of the virtual machines before migrating them to vSphere. To share with other users, you need to remove the encryption attribute of the virtual machine because the encryption algorithm includes information of the local computer. Multiple computers cannot share access to encrypted virtual machines.

Figure 2. How to remove or change the encrypted password in Workstation

Removing encryption is as easy as encrypting virtual machines. In virtual machine properties, click Edit virtual machine settings ". Enter the password and select the encryption option to remove the encryption attribute of the virtual machine. You can change the encrypted password in this interface.

Some administrators may think that encryption will adversely affect the performance of virtual machines, but this is not the case. When you decrypt a VM, You need to perform additional operations. Once the virtual machine is enabled, you can use the decrypted virtual machine just like accessing other normal virtual machines.

Although VMware Workstation encryption helps to better protect virtual machines, it brings some risks and some limitations. For example, if you forget the password, you cannot access the VM. Encrypted virtual machines cannot be used normally in the shared environment, including migrating virtual machines from Workstation to vSphere and multi-user access scenarios in the Workstation environment.