Hard disk encryption in the cloud

Feel free to Share this Article:

Illustration hard disk encryption

Author: Matias Meier

Category: Cyber-Security / IT infrastructure

November 14, 2019

Every administrator has encrypted a hard disk at some point, be it on a notebook or a computer. But what does it look like in a virtual environment? We'll show you step by step how hard disk encryption in the cloud works and what advantages it has, using Bitlocker as an example.


Bitlocker is often used with Windows operating systems because Bitlocker is very easy to use. Bitlocker is also present in Windows server operating systems and can therefore be used. On a root server, it is like on a notebook or computer, the authenticity is checked by means of a TPM module. The advantage is that no password is required when starting the system.

However, there is no TPM module available for virtual systems, such as our cloud servers and our virtual data center Xelon HQ. But there is still a way to use Bitlocker with Windows servers.

Bitlocker hard disk encryption in the cloud

You can use Bitlocker on Windows servers after installing the Windows feature Bitlocker Drive Encryption via the Server Manager.

Hard disk encryption in the cloud

After the installation and a restart of the operating system, 'BitLocker Drive Encryption' is now available for selection in the control panel. You can now encrypt the system drive, you only get the note that no compatible TPM module was found. In the local group policy editor, you must now configure that a password may be used for startup.

Activate the setting under: Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives -> Require additional authentication at startup.

Hard disk encryption: Bitlocker activation

After updating the local GPOs or rebooting the system, the system drive can now be encrypted with a password.

Always store recovery key

It is mandatory to store the recovery key, otherwise, the drive encryption process cannot be started. Bitlocker does not allow you to store the key on the hard disk to be encrypted. This makes sense and it is recommended to 'print' the recovery key. As a printer you can then use the 'Microsoft Print to PDF' printer, then save the generated PDF and have the key when needed.

Then you should run the "Boot Check". This way you are sure that the assigned password can be entered via the console (the VDC uses the HTML5 console for this). After a reboot, the encryption will be started. Depending on the size of the drive, this will be completed in a few minutes.

At each boot, the password must now be entered via the console so that the system can be started. If the password is lost, the system can be unlocked using the recovery key previously saved as a PDF. If both components are lost, there is no way to access the data.

Of course, you can also use third-party tools like VeraCrypt for Linux/Windows or the standard tool LUKS for Linux.

All right? If not, feel free to send us your question by mail , we will be happy to help you.


Matias Meier

Subscribe to our newsletter!

Don't miss any of our IT blogs and be the first to know about Xelon news or offers.

Related News

IT infrastructure Linux

A template for Debian 10 is now available in our Virtual Datacenter or Xelon HQ. But what are the...

August 22, 2019

1 mins read


Cyber-attacks, data theft or unauthorized network access can cause costs in the millions, criminal...

January 29, 2021

2 mins read

IT infrastructure Linux

The term dedicated server actually defines quite clearly what you get. But beware, a dedicated...

May 21, 2019

1 mins read

IT infrastructure

The bionic beaver is the latest LTS version of Ubuntu (18.04). A template for this operating system...

September 20, 2019

1 mins read