It’s been discussed quite a lot (and still some plead ignorance or stupidity) but if you have sensitive information on a computer (laptop, desktop or server) then you should encrypt the disk. Guess what? This applies to VM’s too!
VM’s are mobile. The are very mobile. To steal a VM and all of it’s data, all you have to do is copy the virtual disk file. It doesn’t matter if you’re talking about VMware or Hyper-V. Sure ESX is a little trickier because the VM is on a less common file system but a determined thief won’t let that stop them.
You need to consider encrypting the contents of that virtual disk. Windows Server 2008 includes BitLocker and that can encrypt the entire file system for you. Microsoft allegedly published a document on how you could use BitLocker with Hyper-V but the download link appears to be dead. I’m hoping they’ll rectify that.
Once you encrypt that VM, it doesn’t matter how mobile it is. The contents of the virtual disk are protected and you’re safe.