Microsoft Hyper-V Shielded VM

Contributor(s): Tom Walat

A Microsoft Hyper-V Shielded VM is a security feature of Windows Server 2016 that protects a Hyper-V second-generation virtual machine (VM) from access or tampering by using a combination of Secure Boot, BitLocker encryption, a virtual Trusted Platform Module (TPM) and the Host Guardian Service.

A shielded VM requires Windows Server 2012, Windows 8 or a later operating system. When the shielded VM is created, a virtual TPM is assigned to it and BitLocker encryption is applied so that only designated owners can access the VM. The shielded VM will not run unless the Hyper-V host is on the Host Guardian Service. Secure Boot prevents access to the shielded VM on boot.

An administrator without full rights to the shielded VM can power it on and power it off but cannot alter its settings or view the contents. BitLocker encryption protects the shielded VM's data at rest and when the VM is moving across the network during a Live Migration.

This was last updated in February 2016

1 comment


How does this Hyper-V security feature compare to the protections in other virtualized platforms?

