my personal blog about systemcenter

Deduplication and Compression vs Encrypted VM’s

So with 2016 server we now have the ability to enable virtual TPM inside fhe VM to help protect data from threats from anywhere to a rouge san snapshots to a stolen backup tape.

D:\New folder>ddpeval.exe “D:\UNSECURE”
Data Deduplication Savings Evaluation Tool
Copyright (c) 2013 Microsoft Corporation.  All Rights Reserved.

Evaluated folder: D:\UNSECURE
Evaluated folder size: 17,38 GB
Files in evaluated folder: 6

Processed files: 6
Processed files size: 17,38 GB
Optimized files size: 4,52 GB
Space savings: 12,87 GB
Space savings percent: 74

Optimized files size (no compression): 7,93 GB
Space savings (no compression): 9,46 GB
Space savings percent (no compression): 54

Default VM 54% deduplication with 2 default installed guests , sure this number will screw when data is added but just to give a small example

D:\New folder>ddpeval.exe “D:\SECURE”
Data Deduplication Savings Evaluation Tool
Copyright (c) 2013 Microsoft Corporation.  All Rights Reserved.

Evaluated folder: D:\SECURE
Evaluated folder size: 20,41 GB
Files in evaluated folder: 6

Processed files: 6
Processed files size: 20,41 GB
Optimized files size: 19,36 GB
Space savings: 1,06 GB
Space savings percent: 5

Optimized files size (no compression): 19,46 GB
Space savings (no compression): 981,13 MB
Space savings percent (no compression): 4

Files excluded by policy: 0
Files excluded by error: 0

The same 2 VM now with inguest bitlocker , almost all of the effect from deduplication is now gone , so secured VM’s will hurt storage cost if you rely on array based compression and or deduplication.

Sure not all VM’s will be encrypted but seeing this from a hoster perspective I can see all VM’s being encrypted