
Five ways to improve Windows Server hardening


Prevent data loss with a shielded VM

Source:  JJpan/iStock/Getty Images
Visual Editor: Sarah Evans

Windows Server 2016 security gets a virtual boost from shielded VM technology and a Host Guardian Service.

Enterprises must protect VMs, which can be stolen either internally through data leakage tactics or externally by a hacker. A VM can run on any system -- belonging to anyone -- with a suitable hypervisor layer. With high levels of virtualization in enterprises, VM theft can equal significant data loss.

One way to prevent this scenario is to tie VMs to the host system. Each Microsoft Hyper-V shielded VM is assigned a virtual Trusted Platform Module (TPM) and encrypted with BitLocker. The shielded VM will only operate on approved hosts within the business's network fabric, which is typically a cluster of three or more server nodes for service resilience.

The Host Guardian Service evaluates and authorizes guarded hosts -- servers that can run a shielded VM -- and uses a key management service to handle the encryption keys that secure each shielded VM on host servers. The Host Guardian Service provides the virtual TPM for shielded VM operation.

The Host Guardian Service can operate using hardware-based, TPM-trusted attestation for maximum physical security, but the servers must support TPM 2.0 hardware. Alternatively, the service can use admin-based attestation, which relies on Active Directory Domain Services.
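The following PowerShell is an added example, not part of the original article: a read-only check that reports whether a Hyper-V host has the TPM 2.0 hardware needed for TPM-trusted attestation and what the Host Guardian Service client currently reports for that host. It assumes an elevated session on the host and that the HgsClient cmdlets are installed; the function names and output property names are hypothetical.

```powershell
# Added example: report which Host Guardian Service attestation mode this
# Hyper-V host can support and whether it currently attests as a guarded host.
# Read-only; run elevated on the host. Function names are illustrative.

function Get-TpmSpecVersion {
    # Win32_Tpm.SpecVersion is a string such as "2.0, 0, 1.38";
    # the first comma-separated field is the TPM specification version.
    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue
    if (-not $tpm -or -not $tpm.SpecVersion) { return $null }   # no TPM exposed to the OS
    return ($tpm.SpecVersion -split ',')[0].Trim()
}

function Get-ShieldedVmHostReadiness {
    $spec     = Get-TpmSpecVersion
    $hasTpm20 = ($null -ne $spec) -and ([version]$spec -ge [version]'2.0')

    # The HgsClient cmdlets are only present when the host has the
    # guarded-host components installed (assumption: otherwise report $null).
    $hgs = $null
    if (Get-Command Get-HgsClientConfiguration -ErrorAction SilentlyContinue) {
        $hgs = Get-HgsClientConfiguration -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        TpmSpecVersion         = $spec
        SupportsTpmAttestation = $hasTpm20
        # Without TPM 2.0 the host can only use the Active Directory based mode.
        PossibleAttestation    = if ($hasTpm20) { 'TPM-trusted or admin-based' }
                                 else           { 'Admin-based (Active Directory) only' }
        HgsClientInstalled     = [bool]$hgs
        ConfiguredMode         = $hgs.AttestationOperationMode
        IsHostGuarded          = $hgs.IsHostGuarded
        AttestationStatus      = $hgs.AttestationStatus
        AttestationServerUrl   = $hgs.AttestationServerUrl
        KeyProtectionServerUrl = $hgs.KeyProtectionServerUrl
    }
}

Get-ShieldedVmHostReadiness | Format-List
```

A host that reports `IsHostGuarded` as false, or a configured mode weaker than its hardware supports, is worth reviewing before shielded VMs are placed on it.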
