Windows Server 2016 - Deploying Shielded VMs and a Guarded Fabric

Imagine that someone manages to walk out the door with dozens of virtual machines because they’re all centrally located. Worse, they can take those virtual machines home and run them on their personal desktop or laptop and you still have no idea they left the premises.

With Windows Server 2016 you can finally:

- Safeguard VMs so that they can only run on infrastructure you designate as your organization's fabric, and
- Protect VMs even from compromised administrators.
To do this, we are introducing Shielded VMs in Windows Server 2016. Shielded VMs protect virtual machines from compromised or malicious administrators in the fabric, such as storage admins, backup admins, etc., by encrypting the disks and state of virtual machines so that only VM or tenant admins can access them.

In addition, we are also protecting the fabric with a new Windows Server feature: the Host Guardian Service. When a shielded virtual machine is turned on, the Host Guardian Service (HGS) checks whether the host is allowed to run the Shielded VM. This is accomplished through attestation and hardware-based boot measurements, along with a new feature, Code Integrity, to determine whether a host meets the criteria for a healthy host and may run the Shielded VM.

Here are the MVA video courses that explain how to deploy Shielded VMs and a Guarded Fabric with Windows Server 2016.

More details:

A closer look at shielded VMs in Windows Server 2016

Guarded fabric and shielded VMs overview

Shielded VMs documentation

Shielded VMs infographic

Here is an interesting Microsoft video about securing VMs on Windows Server 2016.

MVA Course:

Wondering what it takes to go from a Windows Server 2012 fabric to a Windows Server 2016 guarded fabric? Need help setting up that guarded fabric? In this hour-long course, join experts for an end-to-end step-through of a live Windows Server 2016 guarded fabric deployment—hands-on, brick by brick. See how easy it is, with the right hardware and software, to set up this security.

Start with a look at the Host Guardian Service (HGS), and then learn to configure Trusted Platform Module–based (TPM-based) attestation on the Hyper-V host. Create baseline security policies and Hypervisor-enforced Code Integrity policies, and configure HGS to attest to them. Plus, get the details on signing trustworthy template disks, creating shielding data, and deploying Shielded VMs.
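The steps the course walks through (HGS in TPM mode, host baseline and Code Integrity policy, template disk signing, shielding data), as an added PowerShell example that is not part of the course or the original post. The HGS domain, host name HV01, certificate subject and every C:\hgs\ path are assumptions for illustration; the cmdlets are the Windows Server 2016 HgsServer, HgsClient, ConfigCI and Shielded VM Tools cmdlets.

```powershell
# Added example; names, paths and the 'relecloud.com' domain are assumptions.

# --- 1. HGS server: install and initialise in TPM-trusted attestation mode ---
# $safePw and $pfxPw are SecureString variables prepared beforehand (assumption).
Install-HgsServer -HgsDomainName 'relecloud.com' -SafeModeAdministratorPassword $safePw -Restart
Initialize-HgsServer -HgsServiceName 'hgs' `
    -SigningCertificatePath 'C:\hgs\signing.pfx' -SigningCertificatePassword $pfxPw `
    -EncryptionCertificatePath 'C:\hgs\encryption.pfx' -EncryptionCertificatePassword $pfxPw `
    -TrustTpm

# --- 2. Hyper-V host HV01: export TPM identity, boot baseline and a CI policy ---
(Get-PlatformIdentifier -Name 'HV01').InnerXml | Out-File 'C:\hgs\HV01.xml' -Encoding UTF8
# TCG log with the PCR measurements HGS will require from hosts of this hardware model
Get-HgsAttestationBaselinePolicy -Path 'C:\hgs\HV01-baseline.tcglog' -SkipValidation
# Hypervisor-enforced Code Integrity policy built from this host's reference image
New-CIPolicy -Level Publisher -Fallback Hash -FilePath 'C:\hgs\HV01-CI.xml' -UserPEs
ConvertFrom-CIPolicy -XmlFilePath 'C:\hgs\HV01-CI.xml' -BinaryFilePath 'C:\hgs\HV01-CI.p7b'

# --- 3. HGS server: register the host, its baseline and its CI policy ---
Add-HgsAttestationTpmHost   -Path 'C:\hgs\HV01.xml'              -Name 'HV01'
Add-HgsAttestationTpmPolicy -Path 'C:\hgs\HV01-baseline.tcglog'  -Name 'HV01-Baseline'
Add-HgsAttestationCiPolicy  -Path 'C:\hgs\HV01-CI.p7b'           -Name 'HV01-CI'

# --- 4. Host HV01: point it at HGS and confirm attestation passes ---
Set-HgsClientConfiguration -AttestationServerUrl 'http://hgs.relecloud.com/Attestation' `
    -KeyProtectionServerUrl 'http://hgs.relecloud.com/KeyProtection'
Get-HgsClientConfiguration   # AttestationStatus should be Passed; Get-HgsTrace explains failures

# --- 5. Tenant / owner workstation: sign the template disk and build the shielding data ---
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Subject -eq 'CN=Template Signing'
Protect-TemplateDisk -Path 'C:\hgs\ServerTemplate.vhdx' -TemplateName 'WS2016Template' `
    -Version 1.0.0.0 -Certificate $cert
Save-VolumeSignatureCatalog -TemplateDiskPath 'C:\hgs\ServerTemplate.vhdx' `
    -VolumeSignatureCatalogPath 'C:\hgs\ServerTemplate.vsc'
# Owner guardian (tenant's own keys) and the fabric's HGS guardian metadata (assumed downloaded)
$owner    = New-HgsGuardian -Name 'Owner' -GenerateCertificates
$guardian = Import-HgsGuardian -Path 'C:\hgs\HgsGuardian.xml' -Name 'RelecloudHGS' -AllowUntrustedRoot
$vsc      = New-VolumeIDQualifier -VolumeSignatureCatalogFilePath 'C:\hgs\ServerTemplate.vsc' -VersionRule Equals
New-ShieldingDataFile -ShieldingDataFilePath 'C:\hgs\Tenant.pdk' -Owner $owner -Guardian $guardian `
    -VolumeIDQualifier $vsc -AnswerFile 'C:\hgs\Unattend.xml' -Policy Shielded
```

The resulting Tenant.pdk is what the fabric consumes when provisioning the Shielded VM: it will only unlock on a host that HGS has attested against the registered baseline and CI policy.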

NOTE: If you need a refresher, take a look at Ryan Puffer’s Windows IT Center entry on guarded fabric and Shielded VMs and at the Datacenter and Private Cloud Security Blog.

1 | Deploying Shielded VMs in a Windows Server 2016 Guarded Fabric
Get an in-depth look at a live deployment of a Windows Server 2016 guarded fabric—hands-on, brick-by-brick, from the ground up.