Sunday, October 11, 2009
TrueCrypt on Present-V
While office applications (e.g. MS Office 07) can be easily delivered remotely via RDP, we wonder if we can have a secure vault for confidential document processing. The free open source TrueCrypt comes to our minds. You can create encrypted Virtual Hard Disk (VHD) and mount it on a logical drive. As these VHDs are file-based, they can be easily moved around and easy on back-up.
We have tested that TrueCrypt works perfectly well on Present-V and we even managed to place its symmetric keyfile into a PKCS#11 smart token for enhanced security. For quicker startup, we wrote a script (see command-line usage) that can auto-mount the VHD on the first available drive.
As the process is running on the terminal server, only one drive can be mounted for each process on each server, i.e. you can't mount 2 VHDs on the same E: drive on the same host. That would place a logical limit of 26 (alphabets) - 3 (reserved A,B,C) = 23 users (assuming 1 user = 1 process) on each terminal server. Thanks to the free Hyper-V in Windows 2008, this constraint can be easily worked around. With the in-built Session Broker, the load can be balanced among a pool of several Virtual Machines (VMs) in a DNS round-robin style.