Preallocating storage is a good idea for VMs with encrypted virtual drives, thin provisioning is not

Posted by Paul Braren on Feb 12 2014 in
  • ESXi
  • Windows
  • Workstation
  • So, let's step back and think about this. When configuring a new Virtual Machine under VMware Player, Workstation, or ESXi, you are faced with the question of what size you want your virtual drive to be. The size of the C: drive that your guest operating system will "see," once it formats it.

    You can pick something realistic, that'll fit your operating system and a bunch of applications, such as the suggested 60GB for Windows 7. Or you can instead "lie" to the virtual machine, pretending you have a giant C: drive so you don't have to worry about resizing it, one that is up to:

    • 2TB with VMware Player 6 (free) or VMware Workstation 10
    • 8TB with VMware Player 6 / VMware Workstation 10 with a modern VM, set to UEFI BIOS
    • 62TB with VMware ESXi 5.5 - see also Wow, is that a 62TB drive in my home lab?

    So, what if whole drive encryption enters the picture. I'm talking about software encryption that takes care of the virtual drive, such as Symantec Encryption Desktop Powered by PGP Technology that some corporations use. Guess what happens as it tries to encrypt every byte of the drive, used or unused? Well, it fills up. That's right. If you made the mistake of choosing a thinly provisioned drive in VMware Workstation 10 or VMware Player, that relatively small 16GB .vmdk file on your drive that holds the fresh install of Windows blows up quickly, until it reaches the actual maximum size of the drive you told it to pretend that you have.

    In my case, this VM's .vmdk file was on my C: drive, an SSD that was already 80% full. So you can guess that within minutes, I had myself a real problem on my hands, as the operating system running VMware was Windows 8.1, and 8.1 sure got very unhappy once it realized it suddenly had 0% available disk space. Not good!

    So, next time, *when you need to make a VM that is destined for whole drive encryption under Player or Workstation choose the "Allocate all disk space now" option when you go to create that VM**, keeping this little story in mind!

    *for ESXi, a pre-allocated drive is the default drive setting



    Specifying Disk Capacity for a Virtual Machine

    Support for virtual machine disks larger than 2 TB in vSphere 5.5 (2058287)

    Oct 01 2014Update:
    It turns out that resizing your encrypted boot drive, in your VM, is quite possible. I might be able to publish a step-by-step video of the process, but for now, I present a basic step summary for you. This guide will get most folks over the pitfalls. My recent use case was with a fast VMware Workstation 11 Beta running on my Windows 8.1 64 bit laptop, but work the same with Workstation 10. The VM itself is Windows 7 64 bit, running Symantec Encryption Desktop.

    As always, you are responsible for backing up all you data before attempting any such work, just in case this operation goes sideways on you. Remember, it's likely encrypting your virtual drive isn't supported.

    That said, using these steps myself hasn't bitten me yet. I've done this 3x already, over the past year or so. I had to take advantage of that 1TB SSD drive somehow ;-)

    Resizing your VMware Workstation VM's encrypted drive:

    1. boot your VM, make note of how full the VM's drive is, from the guest operating system's perspective
    2. disable encryption on all your VM's drives. For most users, such as myself, that means my C: drive
    3. uninstall the encryption product (to ensure smooth re-install later)
    4. shutdown the VM
    5. using the VM's settings dialogue, select the "Hard Disk (SCSI)" device, choose the Utilities drop-down, then select resize, and choose how much larger you'd like the drive to be
    6. boot your VM
    7. using Windows Disk Manager, extend your C: drive to utilize the unused storage space (no data will be lost), in seconds, you'll see your spare space is back again!
    8. reboot your VM (to be sure the next step doesn't misread your disk size)
    9. re-install your whole drive encryption software, and let it encrypt your drive
      That's it, you're done!