Encrypting a Virtual Machine
Last updated
Last updated
Starting from Parallels Desktop for Mac 20.3.1, the encryption of corporate virtual machines and Golden Images is governed by the Do not allow running virtual machines without this company's Parallels license policy as described in the chapter. This way, you can ensure that the virtual machines and Golden Images that may contain sensitive corporate data or access will not launch outside your organization's Parallels Desktop environment.
With this change, the respective option in the Security tab of the virtual machines' settings has become inactive, even if the aforementioned policy is not applied. This way, your users won't be able to control their corporate virtual machines' security via the graphical interface or the command line utility.
Attention: The encryption process for a given virtual machine requires roughly double the amount of disk space that the virtual machine occupies. Plan accordingly. Check the status using the respective parameter on the Parallels Management Portal.
Only stopped or suspended virtual machines undergo the encryption process. Therefore, once you apply this policy and the local Parallels Desktop installation receives the respective command from the server, one of the following things will happen:
A new virtual machine created on your company's Parallels Desktop installation will be encrypted based on your organization's Parallels Desktop Enterprise Edition license regardless of the way it was created: from a Golden Image, from appliances, or via cloning. This encryption method persists through packing, conversion to a template, or other operations.
A stopped/suspended virtual machine will be encrypted right away.
A running virtual machine will be encrypted as soon as it is stopped or suspended.
A packed virtual machine will be unpacked, encrypted, and packed again.
An archived virtual machine will be unarchived, encrypted, and packed due to the archiving functionality being deprecated.
For a virtual machine encrypted on the user side, Parallels Desktop will wait for the user to perform an operation that requires the encryption password and then change the encryption from the user-side one to the one tied to your organization's Parallels Desktop Enterprise Edition license.
As a result of tying your corporate virtual machines' encryption to the license, users won't be able to launch such virtual machines on Parallels Desktop installations activated with any other license except your company's.
