{"id":7115,"date":"2016-05-10T09:00:58","date_gmt":"2016-05-10T16:00:58","guid":{"rendered":""},"modified":"2025-04-30T11:41:07","modified_gmt":"2025-04-30T18:41:07","slug":"a-closer-look-at-shielded-vms-in-windows-server-2016","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/windows-server\/blog\/2016\/05\/10\/a-closer-look-at-shielded-vms-in-windows-server-2016\/","title":{"rendered":"A closer look at shielded VMs in Windows Server 2016"},"content":{"rendered":"

This post was authored by Jeff Woolsey, Principal Program Manager, Windows Server.<\/em><\/p>\n

On this week\u2019s Microsoft Mechanics show, we bring you Dean Wells and Matt McSpirit to demonstrate Shielded VMs – another reason why you should be evaluating Windows Server 2016.<\/p>\n

A little backstory \u2026<\/h3>\n

As someone who has spent a lot of time with hypervisors and virtualization, I\u2019m the first one to tell you that virtual machines are fantastic. If you look at any datacenter today, virtualization is a key element. With virtual machines we\u2019ve made it easier to deploy, manage, service and automate the infrastructure. The benefits are many; however, as much as I love virtualization, I\u2019m almost the first person to tell you that virtualization also requires us to think differently about the security of our virtualized infrastructure and applications.<\/p>\n

Take a deep breath and read that last sentence again. It\u2019s ok.<\/p>\n

Let\u2019s discuss.<\/p>\n

Security, what security?<\/h3>\n

With virtual machines, we\u2019ve taken an operating system, an application and its dependencies which used to run on hardware and encapsulated those into a few files for a virtual machine so we can run multiple virtual machines (if not dozens) on a single system concurrently. They\u2019re easier to live migrate, backup, replicate, but it also means that we\u2019ve made it easier to modify or even copy entire workloads off the network or onto a USB stick and walk out the door with your crown jewels. A perfect example is your domain controller. Imagine if your domain controller somehow got out of your organization. The DC is literally the keys to your kingdom.<\/p>\n

Now, imagine that someone manages to walk out the door with dozens of virtual machines because they\u2019re all centrally located. Worse, they can take those virtual machines home and run them on their personal desktop or laptop and you still have no idea they left the premises.<\/p>\n

Let me be very clear: Every hypervisor, every virtualization platform has this issue. VMware, Hyper-V, Xen, KVM, etc.<\/p>\n

Encryption and TPMs<\/h3>\n

It\u2019s usually at this point where someone interjects with: \u201cYes, but the answer to this problem is encryption. All we need to do is add a virtual Trusted Platform Module (TPM) to the virtual machine so that the tenant can encrypt the VM.\u201d<\/p>\n

Great idea, except that doesn\u2019t work.<\/p>\n

We need to protect against rogue administrators and, by definition, an administrator can do anything they want on the system. Thus, anything you do to encrypt or protect a VM, the admin can undo. For example, suppose we just provided a virtual TPM inside the virtual machine. With a virtual TPM, the host admin could still find those keys in memory and decrypt the VM.
\nAgain, this applies to all platforms: VMware, Hyper-V, Xen, KVM, etc.<\/p>\n

Do I have your attention yet?<\/p>\n

Shielded VMs and guarded fabric<\/h3>\n

At the end of the day what you want is to be able to:<\/p>\n