With vTPM, you now have the ability to make the Trusted Platform Module available to VMs so they can effectively be encrypted for security purposes. The vTPM is essentially a virtualized version of the Trusted Platform Module. Microsoft makes this possible with something they call the Isolated User Mode or IUM.
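Enabling the vTPM on a Hyper-V VM so BitLocker can be used in the guest, as an added example that is not from the original article. It assumes a Windows Server 2016 or later host with the Hyper-V PowerShell module, run elevated; the VM name `app01` is hypothetical.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# Hypothetical VM name used for illustration.
$vmName = 'app01'
$vm = Get-VM -Name $vmName -ErrorAction Stop

# A vTPM is only offered on Generation 2 VMs.
if ($vm.Generation -ne 2) {
    throw "$vmName is Generation $($vm.Generation); a vTPM requires Generation 2."
}

# Security settings can only be changed while the VM is off.
if ($vm.State -ne 'Off') {
    throw "$vmName is $($vm.State); shut it down before enabling the vTPM."
}

if (-not (Get-VMSecurity -VMName $vmName).TpmEnabled) {
    # A key protector must exist before the vTPM can be enabled.
    # -NewLocalKeyProtector creates one backed by certificates on this host,
    # which suits a standalone host without a Host Guardian Service.
    Set-VMKeyProtector -VMName $vmName -NewLocalKeyProtector
    Enable-VMTPM -VMName $vmName
}

# Audit: list every Generation 2 VM on the host and whether its vTPM is on.
Get-VM | Where-Object Generation -eq 2 | ForEach-Object {
    [pscustomobject]@{
        VM         = $_.Name
        State      = $_.State
        TpmEnabled = (Get-VMSecurity -VMName $_.Name).TpmEnabled
    }
} | Format-Table -AutoSize

# Inside the guest, after it boots (run there, not on the host):
#   Get-Tpm                                          # TpmPresent and TpmReady should be True
#   Enable-BitLocker -MountPoint 'C:' -TpmProtector  # seal the volume key to the vTPM
```

The local key protector depends on certificates stored on the host, so back them up before relying on it; a VM whose key protector cannot be unwrapped will not start.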
BitLocker

BitLocker is a technology that has gained popularity, especially with mobile users who use laptops day-to-day. BitLocker encrypts your data at the hard drive level. If a thief steals a laptop, takes the hard drive out, and mounts it in another machine to bypass your Windows login, the data on the hard drive is encrypted and unreadable. So, it is a great security mechanism for the mobile workforce. The use case for encryption has greatly expanded with today’s highly virtualized environments existing in potentially unsecured locations. BitLocker has to have a way to decrypt the drive when the machine boots, which can be problematic in virtual environments. The two methods used to decrypt the drive are either plugging in some sort of device holding the key so the BitLocker-encrypted drive can boot, or a Trusted Platform Module, a small chip that contains the information needed to decrypt the drive. Since you don’t really have access to these means of decryption in a virtual machine, the Virtual Trusted Platform Module (vTPM) helps to solve this problem starting in Windows Server 2016.
Let’s look at these individually and see how they can benefit you and your environment from a security perspective.
Windows Server Encryption Technologies and Use Cases

Most likely your Windows Server environment has changed since the traditional days of on-premises Windows Servers only serving out file shares and Active Directory. Your environment today no doubt includes virtualized environments and, on Windows in particular, Hyper-V environments. Also, you may have Microsoft Azure resources you are making use of in addition to your on-premises data center. In Windows Server environments today, using encryption in areas beyond mobile workers is certainly a security best practice. Let’s take a look at the following Windows Server encryption technologies: