Saturday Sep 12, 2015

VirtualBox 5.0 Enhancements and Features: Disk Image Encryption

On July 9th 2015 we released our new VirtualBox 5.0 major release.
This release introduced many new features like:

• Virtual Machine Management
    - Paravirtualization support for Windows and Linux guests
    - More instruction set extensions available to the guest

• Device support
    - xHCI controller to support USB 3 devices

• Usability
    - Improved drag and drop support
    - Disk image encryption
    - VMs can be started with separate GUI (foreground) and VM (background) processes

There is also a further list of GUI enhancements, which will be described in more detail in upcoming articles.

The new feature that I’m going to introduce today is “Disk Image Encryption”.

As you know, encryption is also available at the host operating system level, and for business environments it can be a must-have; that said, someone might ask:

“I already have my encryption at a lower level (Host OS), why do I need further encryption for my VMs?”

Personally, I think that today having encryption on your personal or company laptop may not be enough; the era of CDs/DVDs is ending (maybe it’s already over) but a new era is coming:

• Local: USB keys, USB disks and even mobile devices like our smartphones
• Remote: cloud backup solutions (free or paid)

When we copy or move something (in our example, virtual machines) to an external local device or to a cloud backup solution, the destination is often not encrypted; so, while your company spent a bunch of $ to have data encryption, your virtual machines, once copied to external devices, could be accessed and used by anyone.

A virtual machine created on top of VirtualBox could contain confidential information, our next software release, software code or anything else that needs the highest security level.

This is the goal of our new “Disk Image Encryption” feature: your virtual machines are encrypted, and even if you copy, clone or move them to external devices, web storage or cloud backup, their built-in encryption keeps your data secure.

Note: The “Disk Image Encryption” feature is shipped as a VirtualBox extension pack, which must be installed separately.

Starting with VirtualBox 5.0 (our latest release today is 5.0.4), it is possible to encrypt the data stored in hard disk images transparently for the guest. VirtualBox uses the AES algorithm in XTS mode and supports 128-bit or 256-bit data encryption keys (DEK).

This operation can also be performed from the command-line interface, using the following syntax:
VBoxManage encryptmedium "uuid|filename" --newpassword "file|-" --cipher "cipher id" --newpasswordid "id"

The DEK is stored encrypted in the medium properties and is decrypted during VM startup by entering the password that was chosen when the image was encrypted.

This operation can also be performed from the command-line interface, using the following syntax:
VBoxManage controlvm "uuid|vmname" addencpassword "id" "password" [--removeonsuspend "yes|no"]

In some circumstances it may be necessary to decrypt previously encrypted images; this can be done from both the GUI and the command-line interface.

From the command line, use the following syntax:

VBoxManage encryptmedium "uuid|filename" --oldpassword "file|-"
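
An added example, not part of the original post and not VirtualBox's own code: a small Python check that reads a VM's .vbox configuration file and reports which base disk images have an encrypted key store recorded, which is worth running before a VM is copied to external or cloud storage. The `CRYPT/KeyStore` and `CRYPT/KeyId` property names and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"vb": "http://www.virtualbox.org/"}

# Constructed sample of a .vbox media registry (not taken from the page).
# Assumption: an encrypted image carries CRYPT/KeyId and CRYPT/KeyStore
# properties on its <HardDisk> element; the KeyStore value here is a dummy.
SAMPLE_VBOX = """
<VirtualBox xmlns="http://www.virtualbox.org/" version="1.15-linux">
  <Machine uuid="{00000000-0000-0000-0000-000000000001}" name="demo-vm">
    <MediaRegistry>
      <HardDisks>
        <HardDisk uuid="{00000000-0000-0000-0000-0000000000a1}" location="system.vdi" format="VDI">
          <Property name="CRYPT/KeyId" value="demo-key"/>
          <Property name="CRYPT/KeyStore" value="RFVNTVk="/>
        </HardDisk>
        <HardDisk uuid="{00000000-0000-0000-0000-0000000000b1}" location="data.vdi" format="VDI"/>
      </HardDisks>
    </MediaRegistry>
  </Machine>
</VirtualBox>
"""

def audit_vbox(xml_text):
    """Map each base image location to its encryption status and key id."""
    root = ET.fromstring(xml_text)
    report = {}
    # Only base images directly under <HardDisks> are examined here.
    for disk in root.findall(".//vb:MediaRegistry/vb:HardDisks/vb:HardDisk", NS):
        props = {p.get("name"): p.get("value")
                 for p in disk.findall("vb:Property", NS)}
        encrypted = bool(props.get("CRYPT/KeyStore"))
        report[disk.get("location")] = {
            "encrypted": encrypted,
            "key_id": props.get("CRYPT/KeyId") if encrypted else None,
        }
    return report

def unencrypted_images(xml_text):
    """Locations of images with no key store recorded in the configuration."""
    return sorted(loc for loc, status in audit_vbox(xml_text).items()
                  if not status["encrypted"])

if __name__ == "__main__":
    for location, status in audit_vbox(SAMPLE_VBOX).items():
        print(location, status)
    print("not encrypted:", unencrypted_images(SAMPLE_VBOX))
```

To check a real VM, pass the text of its .vbox file to `audit_vbox` instead of the constructed sample.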

Final considerations

Since the DEK is stored as part of the VM configuration file, it is important that it is kept safe. Losing the DEK means that the data stored in the disk images is lost irrecoverably. Having complete and up to date backups of all data related to the VM is the responsibility of the user.
Here is an example of the configuration file of an encrypted virtual machine:

This is the first of many chapters about the new features introduced by VirtualBox 5.0. See you at the next feature!
Let's keep in touch!


Thursday Jul 09, 2015

Oracle VM VirtualBox 5.0 Now Available!!!

Today, with Oracle VM VirtualBox 5.0, we completed a big step forward in our Desktop Virtualization solution.

Oracle VM VirtualBox 5.0, which includes a large number of enhancements and bug fixes, is the new real bridge between different Cloud solutions (Private, Public and Hybrid) and between Cloud and On-Premise.

Here you can find a list of useful documents and links like:

Oracle Press Release that officially announces Oracle VM VirtualBox 5.0

Oracle VM VirtualBox 5.0 post on Official Oracle Virtualization Blog

Hands-on Labs with Oracle products on top of Oracle VM and VirtualBox

List of documents and how-tos for Oracle products installed on a single laptop on top of Oracle VM VirtualBox

List of pre-built VirtualBox virtual machines with all main Oracle products on top

User Manual with all details and the changelog of Oracle VM VirtualBox 5.0

Further interesting links for Oracle VM VirtualBox: 


Monday Jan 13, 2014

Updated Oracle VM Hands-On-Labs

On the official Oracle Technology Network site you can find updated Oracle VM Hands-On-Labs.

New items listed are:

New - How to Migrate to Oracle Linux and Oracle VM from RedHat Linux and VMWare

New - How to Deploy a Four-Node Oracle RAC 12c Cluster in Minutes Using Oracle VM Templates

Updated - Deploying and Managing a Private Cloud

You can run those labs at the office or at home on your own x86 machine by following the detailed, updated documents.

Keep this page in your bookmarks if you would like to stay up to date on Oracle VM technical articles.


Simon Coter is a Principal Product Manager for Oracle VM and VirtualBox. He has worked on projects covering many Oracle products such as Oracle Database, eBusiness Suite, Oracle VM, Oracle Linux, Oracle ExaData and much more.

