Administrator accounts work differently in virtualized environments than they do in physical ones. In particular, in a physical environment, administrative roles, such as storage administrator, network administrator, backup operator, and virtualization-host administrator, have limited or isolated rights. In contrast, in a virtual infrastructure, each of these roles with permissions to manage the physical infrastructure might have an inappropriate level of access to the virtual infrastructure.
You can mitigate this risk by using a guarded fabric. Guarded fabric is a collective term used to describe a fabric of Microsoft Hyper-V hosts and their Host Guardian Service (HGS) that can manage and run shielded virtual machines (VMs).
In Windows Server 2016, Microsoft introduced an improved Hyper-V security model designed to help protect hosts and their VMs from malicious software that might be inside them. Because a VM is just a file, you need to protect it from attacks from the storage system or network while it is being backed up.
Guarded fabrics can run three types of VMs:
- A normal VM that offers no protection above and beyond that of earlier versions of Hyper-V
- An encryption-supported VM whose protections can be configured by a fabric admin
- A shielded VM whose protections are switched on and cannot be disabled by a fabric admin
Host Guardian Service
HGS is the centerpiece of the guarded fabric solution. It is responsible for ensuring that Hyper-V hosts in the fabric are known to the hoster or enterprise and running trusted software.
Specifically, HGS is a new server role introduced in Windows Server 2016 That provides the Attestation Service and Key Protection Service (KPS) that enable Hyper-V to run shielded VMs. A Hyper-V host becomes a guarded host as soon as the Attestation Service affirmatively validates its identity and configuration. KPS provides the transport key that is needed to unlock and run shielded VMs.
HGS supports two different attestation modes for a guarded fabric:
- Admin-trusted attestation (Active Directory based). Admin-trusted attestation is intended to support existing host hardware where TPM 2.0 is not available. It requires relatively few configuration steps and is compatible with commonplace server hardware.
- TPM-trusted attestation (hardware based). TPM-trusted attestation offers the strongest possible protection, but also requires more configuration steps. The host’s hardware and firmware must include TPM 2.0 and UEFI 2.3.1 with Secure Boot enabled.
To help protect a fabric against compromise, Windows Server 2016 with Hyper-V introduced shielded virtual machines. A shielded VM is a generation 2 VM that has a virtual TPM, is encrypted by using BitLocker Drive Encryption, and can run only on healthy and approved hosts in the fabric.
HGS manages the keys used to start up shielded VMs. Without HGS, a Hyper-V host cannot power on a shielded VM because it cannot decrypt it. HGS will not provide the keys to a Hyper-V host until that host has been measured and is considered healthy.
Here are three examples that illustrate how shielded VMs help protect against attacks:
- There is less risk if a malicious employee steals a shielded VM’s .vhd files because those files are encrypted.
- HGS will not release keys to hosts with debuggers attached.
- A malicious employee who attempts to move a shielded VM to an untrusted host will discover that the new host will not be recognized. Trusted hosts are added to HGS by means of identifiers unique to their TPMs and are protected even if they are moved to another HGS.