This article provides additional information on how SafeGuard Enterprise (SGN) supports execution in virtual machines including VMware View environments.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Management Center / Local Policy Editor
SafeGuard Device Encryption
SafeGuard Data Exchange
SafeGuard Configuration Protection
All supported Operating Systems
What To Do
SafeGuard Enterprise (SGN) in general supports execution in virtual machines including VMware View environments. However, please note the following:
- The requirements for the operating system running inside the VM are the same as for normal desktops with respect to the SafeGuard product being used.
- It is possible to execute a full disk encryption like SGN DeviceEncryption (DE) in a VM. However, this is only useful for product evaluation but not for productive use, because the virtual disk of a VM will utilize its complete space once it is encrypted. When left unencrypted, the virtual disk will only require as much space as the data it needs to store. This can make a significant difference when maintaining a large number of virtual machines with large virtual hard drives.
- SGN DE is instead recommended to run on thick clients (the VMware host OS), if there is any confidential data stored on the host OS outside of the VM or the VM is stored unencrypted on the host.
- VMware View can be configured to run encrypted sessions with its servers and can also encrypt the VMware images as such, which should be used as basic security best practice.
- It is useful and recommended though to use the non full disk encryption modules of SafeGuard Enterprise in a virtualized desktop. These are SGN DataExchange (DX), ConfigurationProtection (CP) or future FileShare (FS).