Aug 08 2017 09:16 AM - last edited on Apr 15 2021 11:28 AM by TechCommunityAP
What is a Shielded Virtual Machine, and what does it take to run it?
Aug 08 2017 09:23 AM - edited Aug 08 2017 09:30 AM
Shielded VMs help protect themselves from malicious Hyper-V admins and even malware that might be running on the Hyper-V host. Their disks are encrypted as you'd expect and they actually have virtual TPMs that are used to measure the boot process of the guest OS and release keys to BitLocker only when it's considered trustworthy. In addition, shielded VMs only run on guarded hosts--guarded hosts are those that have been blessed as "healthy" by something called the Host Guardian Service--a new server role in Windows Server 2016. To run shielded VMs, you need Windows Server 2016 Datacenter edition, an HGS cluster and, if you'd like the strongest protections, you'll need Hyper-V hosts that support TPM v2.0. See aka.ms/shieldedVMs for loads more info.
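
The requirements listed in the answer above can be checked on a Hyper-V host with a short read-only script. This is an added example, not part of the original post; the function name `Test-GuardedHostReadiness` is hypothetical, and the script assumes an elevated PowerShell session on the host being checked.

```powershell
# Added example: read-only readiness check for a Hyper-V host meant to run shielded VMs.
function Test-GuardedHostReadiness {
    [CmdletBinding()]
    param()

    $result = [ordered]@{}

    # 1. Edition: the post names Windows Server 2016 Datacenter as a requirement.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $result.OsCaption    = $os.Caption
    $result.IsDatacenter = $os.Caption -match 'Datacenter'

    # 2. TPM: a 2.0 TPM is needed for the strongest protections.
    #    SpecVersion is a comma-separated string; its first field is the TPM spec version.
    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if ($tpm) {
        $result.TpmSpecVersion = ($tpm.SpecVersion -split ',')[0].Trim()
        $result.HasTpm20       = $result.TpmSpecVersion -eq '2.0'
    } else {
        $result.TpmSpecVersion = $null
        $result.HasTpm20       = $false
    }

    # 3. HGS: is the host pointed at a Host Guardian Service, and did it attest as healthy?
    #    Guard the call, since the cmdlet is not present on every installation.
    if (Get-Command -Name Get-HgsClientConfiguration -ErrorAction SilentlyContinue) {
        $hgs = Get-HgsClientConfiguration
        $result.HgsMode           = $hgs.Mode
        $result.AttestationStatus = $hgs.AttestationStatus
        $result.IsHostGuarded     = [bool]$hgs.IsHostGuarded
    } else {
        $result.HgsMode           = $null
        $result.AttestationStatus = $null
        $result.IsHostGuarded     = $false
    }

    # Overall verdict: Datacenter edition and a host that HGS currently considers guarded.
    # HasTpm20 is reported separately because it only matters for the strongest protections.
    $result.ReadyForShieldedVMs = $result.IsDatacenter -and $result.IsHostGuarded

    [pscustomobject]$result
}

Test-GuardedHostReadiness | Format-List
```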