Creating a secure volume

The Stormshield Data Virtual Disk feature makes it possible to create secure virtual volumes. All of the files on these volumes will be stored securely.

An encrypted volume can be used the same way as a normal hard disk drive. You can copy files on it and start applications that use these files. You can also install software on an encrypted volume.

Similarly to a physical disk volume, a virtual disk volume can be damaged or destroyed, leading to the loss of data contained in it. You must keep a backup copy of the files stored on the virtual volume, or the file hosting the content of the virtual volume. You should take the same precautions with this virtual volume as you would for a normal physical volume (formatting, error checking, fragmentation, and backup management).

To create a secure volume:

  1. In the Windows search bar, look for Stormshield Data Virtual Disk.
  2. From the Stormshield Data Virtual Disk control panel, select the Mounted volumes tab.
  3. In the Mounted Volumes tab, right-click and select New Volume:

  4. Following an introduction dialog box, the following dialog box is displayed:

    • Specify the volume name and its location in the File field. The .vbox extension is automatically added to the volume name.

      If an encrypted volume is locally mounted in a Windows session, all users allowed to open a local session on the workstation will be able to access the content of the encrypted volume. For further information, refer to the section Configuring and using the agent's advanced features in the SDS Enterprise administration guide.

    • Specify the volume size in the Size field. You can define the volume size between 1 MB and the maximum available size. The default volume size is 10% of the available space on the drive unit.

      The maximum size of a Stormshield Data Virtual Disk volume is 2048 GB (2 TB).

  5. Click on Next.
  6. You may want to authorize other users to use the new volume separately. Enter their name in the search field. The search displays users or groups specified in the trusted address book as well as users from the LDAP directory if it is configured.

    Simultaneous use of the volume by different users is not possible. Each allowed user accesses the volume alternately.


    When the users list is completed, click Next.

  7. The following dialog box is displayed:

    In the dialog box displayed above you must:

    • select the encryption algorithm and key strength used to encrypt your new volume. The AES algorithm with a 256 bits key size offers the best protection, with high-standard execution performances;
    • indicate if you wish the volume to be mounted automatically each time you connect to SDS Enterprise;
    • select the drive unit mount letter to be used and indicate if the volume must be automatically mounted each time you connect to SDS Enterprise. The drive letter must not be used by another network drive or USB drive.
  8. Click Next to see a summary of the choices you made.
    • Click Back to modify your settings.
    • Otherwise click Finish to confirm and end the creation of your encrypted volume.

Once the volume creation process is completed, the volume appears whenever you open Windows Explorer. All files placed on this volume are encrypted and only authorized users will be able to access the encrypted volume's content.

The .vboxsave backup file is created in the same folder as the .vbox container file.