I have a question about how to properly set up full disk encryption on a server running virtual machines.
My setup is Windows 2012 with 2 VMs (Hyper-V) on it.
I was looking into using Becrypt for full disk encryption.
Would it be sufficient to run full disk encryption just on the host, or should I run it on the host and on each VM?
BitLocker with Active Directory integration is probably best for Windows Server 2012. Your primary problem with FDE on servers is the requirement for boot time passwords with things like Becrypt, TrueCrypt, PGP. Boot time passwords generate extra work for your network ops.
Encrypting inside the VM is usually unnecessary. What are you defending against? Full Disk Encryption is usually a defence against the disks or the whole device being physically stolen. In a typical scenario, a VM host server and the VMs will be powered on and disks decrypted 24/7, inside a physically secure environment such as a data centre. But even if your physical server is vulnerable to theft, the VM data will be encrypted any time the physical server is encrypted.
The only occasion I can see where the FDE in the VM would be useful is to protect a backup of the VM - providing the VM was shut down properly before backup. But it would be better to encrypt the whole backup.
Of course if you are in a regulatory environment where FDE is required for legal reasons then you just have to get on with it - I would use BitLocker.
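
The answer above relies on the VM data sitting on encrypted host storage. The following is an added example, not part of the original posts, that checks this on the Hyper-V host by mapping each VM's file locations to the BitLocker volume that holds them. It assumes an elevated session, the Hyper-V and BitLocker PowerShell modules, and VM files on local volumes.

```powershell
# Added example: confirm every Hyper-V VM file location sits on a
# BitLocker-protected host volume.
# Assumptions: elevated session on the host; Hyper-V and BitLocker modules
# installed; VM files live on local volumes (drive letter or mounted folder).
Import-Module Hyper-V, BitLocker

$volumes = Get-BitLockerVolume

function Get-CoveringVolume([string]$Path) {
    # Longest matching mount point wins, so a mounted folder beats its parent drive.
    $volumes |
        Where-Object { $Path.StartsWith($_.MountPoint, [StringComparison]::OrdinalIgnoreCase) } |
        Sort-Object { $_.MountPoint.Length } -Descending |
        Select-Object -First 1
}

$report = foreach ($vm in Get-VM) {
    # Virtual disks plus the locations holding config, checkpoints and saved memory state.
    $paths  = @(Get-VMHardDiskDrive -VMName $vm.Name | ForEach-Object { $_.Path })
    $paths += $vm.ConfigurationLocation, $vm.SnapshotFileLocation, $vm.SmartPagingFilePath

    foreach ($p in ($paths | Where-Object { $_ } | Sort-Object -Unique)) {
        $vol = Get-CoveringVolume $p
        [pscustomobject]@{
            VM         = $vm.Name
            Path       = $p
            Volume     = if ($vol) { $vol.MountPoint } else { '(no match)' }
            Status     = if ($vol) { $vol.VolumeStatus } else { 'Unknown' }
            Protection = if ($vol) { $vol.ProtectionStatus } else { 'Unknown' }
            Protectors = if ($vol) { $vol.KeyProtector.KeyProtectorType -join ',' } else { '' }
        }
    }
}

$report | Format-Table -AutoSize

# Anything listed here is VM data that host-level encryption does not cover.
$gaps = $report | Where-Object { $_.Protection -ne 'On' -or $_.Status -ne 'FullyEncrypted' }
if ($gaps) {
    Write-Warning "VM files on unprotected or partially encrypted volumes:"
    $gaps | Format-Table VM, Path, Volume, Status, Protection -AutoSize
}
```

Pass-through disks and paths that do not resolve to a local BitLocker volume are reported as `(no match)` and need to be checked separately. The `Protectors` column shows how each volume unlocks, which is where the boot-time password concern from the answer shows up.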