Protecting a virtual machine (VM) guest from a possibly compromised host, and giving you certainty that on a third-party hosting environment your VM is protected in addition to the protection applied to the hosts, is a major investment area in Hyper-V 2016.
Because a VM is a file, stored somewhere on a storage system or locally on the Hyper-V host, it needs to be protected from attacks on the storage system and the network, and while it is being backed up or copied to other systems.
To help protect against a compromised fabric, Windows Server 2016 Hyper-V introduces Shielded VMs. A Shielded VM must be created as a generation 2 VM; it has a virtual TPM, is encrypted using BitLocker, and can only run on healthy and approved hosts in the fabric. So, if someone copies the VM to a non-approved host, either maliciously or accidentally, the VM (which is encrypted) won't start and cannot be mounted to gain access to its file system.
Shielded VMs use several features to make it harder for host administrators and malware on the host to inspect, tamper with, or steal data from the state of a shielded virtual machine. Data and state are encrypted, Hyper-V administrators can't see the video output and disks, and the virtual machines can be restricted to run only on known, healthy hosts, as determined by a Host Guardian Service.
A configured Shielded VM has:
- BitLocker encrypted disks
- A hardened VM worker process (VMWP) that helps prevent inspection and tampering
- Automatically encrypted live migration traffic as well as encryption of its runtime state file, saved state, checkpoints and even Hyper-V Replica files (from 2016 TP5)
- Blocked console access
- Blocked PowerShell Direct
- Blocked Guest File Copy Integration Components
- Blocked services that provide possible paths from a user or process with administrative privileges to the VM.
With the release of Windows Server 2016 TP5, the Hyper-V team at Microsoft made shielded virtual machines compatible with Hyper-V Replica. As with copying/moving the VM, to replicate a shielded VM, the host you want to replicate to must be authorized to run that shielded VM.
The Host Guardian Service supports two different deployments of a Guarded fabric (attestation modes): TPM-trusted attestation (Hardware based) and Admin-trusted attestation (AD based).
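The properties listed above can be checked from the Hyper-V host itself. The following is an added example, not code from the original post: the function name `Test-ShieldedVMPosture` is hypothetical, and it assumes an elevated session on a Windows Server 2016 host with the Hyper-V PowerShell module and the Host Guardian client (`Get-HgsClientConfiguration`) installed.

```powershell
# Added example (not from the original post): report which local VMs meet the
# shielded-VM properties described above, plus the host's attestation state.
function Test-ShieldedVMPosture {
    [CmdletBinding()]
    param(
        # VM name or wildcard pattern; defaults to every VM on this host.
        [string[]]$Name = '*'
    )

    foreach ($vm in Get-VM -Name $Name) {
        $findings = @()
        $tpm = $false; $shielded = $false; $encrypted = $false

        if ($vm.Generation -ne 2) {
            # The post states a shielded VM must be generation 2, so stop here.
            $findings += 'not generation 2'
        }
        else {
            $sec       = Get-VMSecurity -VM $vm
            $tpm       = [bool]$sec.TpmEnabled
            $shielded  = [bool]$sec.Shielded
            $encrypted = [bool]$sec.EncryptStateAndVmMigrationTraffic

            if (-not $tpm)       { $findings += 'virtual TPM disabled' }
            if (-not $shielded)  { $findings += 'shielding not enabled' }
            if (-not $encrypted) { $findings += 'state and migration traffic not encrypted' }
        }

        # BitLocker status inside the guest is not visible from the host and
        # has to be verified separately.
        [pscustomobject]@{
            VMName     = $vm.Name
            Generation = $vm.Generation
            TpmEnabled = $tpm
            Shielded   = $shielded
            Encrypted  = $encrypted
            Findings   = $findings -join '; '
        }
    }
}

# VMs that do not meet every property, followed by the host's guarded status.
Test-ShieldedVMPosture | Where-Object Findings | Format-Table -AutoSize
Get-HgsClientConfiguration |
    Select-Object IsHostGuarded, Mode, AttestationOperationMode, AttestationStatus
```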
I hope you walk away with a better understanding of the Hyper-V Shielded VM solution from this post.
For the FIRST time ever, System Center Universe is coming to Australia in 2016! This is a first-class community conference where you can mingle with experts and fellow industry professionals to explore new technologies. The conference has been running for many years in Asia, typically Singapore and Malaysia, and also in Europe and the USA.
This one-day event will showcase upcoming System Center solutions and Cloud Technologies with integration of the latest Windows 10!
Who should attend SCU?
System Center Universe Australia is a technical conference for administrators, engineers, architects, project managers and other technically oriented people who are focused on Microsoft products and technologies. Less technically oriented people can still benefit from the conference by getting a broad overview of problem-solving solutions and of course by connecting with exhibitors and community specialists.
Why is SCU different from other conferences?
SCU is a first-class community conference that lives on input and ideas from people who are part of the community and know about real-world requirements and solutions. That said, we are not marketing-driven; our aim is to present the latest and greatest content with the best speakers. Sessions are presented with lots of live demos and can go technically deep, mainly down to level 300 or 400 (advanced and expert). Attending SCU gives you ready-to-use knowledge and allows you to connect and build long-term relations with speakers and attendees from all over the world.
March 11, 2016
Crown Promenade Melbourne, Australia
Modern Infrastructure: Provisioning private clouds and virtualized data centers. September 8th @Microsoft Brisbane
What’s New in System Center VMM 2016?
System Center 2016 will continue to speed time to value with new provisioning, monitoring and automation capabilities designed for your software-defined datacenter. Optimized for both traditional management and private cloud environments.
Tuesday 8 September I will be presenting an event at Microsoft Brisbane about the new features in System Center VMM and the rich enhancements provided with Microsoft Azure Operational Insights and Automation. Learn best practices for using VMM to manage your datacenter fabric. Come and see how other customers are using System Center.
We will also have a sneak peek of Containers and management of Windows Server Containers using PowerShell.
- Tuesday, 8 September 2015 from 6:00 PM to 8:00 PM (AEST)
- Microsoft Brisbane – Level 28, 400 George St., Brisbane 4000 AU
Well, at some point we will all upgrade to Windows Server 2016. Server aside, what happens with the virtual machines themselves?
One of the advantages of the upgrade process is that it will not automatically upgrade the virtual machine configuration file. The virtual machine configuration version represents which version of Hyper-V the virtual machine's configuration, saved state, and snapshot files are compatible with.
After installing Windows Server 2016 and then importing or migrating (moving) a virtual machine from Windows Server 2012 R2, the configuration version will remain the same. In Windows Server 2012 R2 the VM configuration version is 5, and my advice is that you keep it at version 5 if the workload is important to you and you don't want any risk. It is not clear yet if it will be possible to upgrade the virtual machine from Technical Preview to RTM.
On the positive side, by not upgrading the VM configuration version, the VM can be moved back to a server running Windows Server 2012 R2, if required. On the negative side, you will not have access to new VM features until you manually upgrade the virtual machine configuration version.
- Version 5 VMs can run on both Windows Server 2012 R2 and Windows Server 2016.
- Version 6 VMs can run ONLY on Windows Server 2016.
Also, in Windows Server 2016 the configuration format changed from an XML file plus BIN and VSV files to VMCX (Virtual Machine Configuration) and VMRS (Virtual Machine Runtime State). The new formats are also more resistant to storage corruption and handle reads and writes of VM configuration changes more effectively.
Summary of the VM configuration version
- Server 2012 R2 has VM configurations version 5
- Server 2016 TP1 – version 6.0
- Server 2016 TP2 – version 6.2
The public download for Windows Server 2016 Technical Preview 2 (TP2) is here: http://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview
Now it is your turn to give your feedback to the Microsoft Product team and help them improve Windows Server 2016.
- Virtualization: http://windowsserver.uservoice.com/forums/295050-virtualization
- Clustering: http://windowsserver.uservoice.com/forums/295074-clustering
- Storage: http://windowsserver.uservoice.com/forums/295056-storage
- Networking: http://windowsserver.uservoice.com/forums/295059-networking
- Nano Server: http://windowsserver.uservoice.com/forums/295068-nano-server
- Linux Support: http://windowsserver.uservoice.com/forums/295062-linux-support
- Windows Server in general: http://windowsserver.uservoice.com/forums/295047-general-feedback
What’s new in Windows Server 2016 Technical Preview 2: (Please note that this is pre-released software; features and functionality may differ in the final release, that’s why YOUR FEEDBACK IS VERY IMPORTANT)
Compute and Virtualization: Simplified upgrades, new installation options, and increased resilience, helping you ensure the stability of the infrastructure without limiting agility.
Networking: Continued investment to make networking as flexible and cost-effective as possible while ensuring high performance.
Storage: Expanding capabilities in software-defined storage with an emphasis on resilience, reduced cost, and increased control.
Security and Assurance: Protecting against today’s threats with a “zero-trust” approach to security that is rooted in the hardware.
Management: Ongoing advances to simplify server management and increase consistency in approach.
- PowerShell Desired State Configuration (DSC) for easier, consistent and faster deployment and updates.
- PowerShell Package Manager for unified package management and deployment
- Windows Management Framework 5.0 April Preview and DSC Resource Kit (available online simultaneously with TP2)
Last October, Microsoft and Docker, Inc. jointly announced plans to bring containers to developers across the Docker and Windows ecosystems via Windows Server.
Hyper-V Containers will ensure code running in one container remains isolated and cannot impact the host operating system or other containers running on the same host. Applications developed for Windows Server Containers can be deployed as a Hyper-V Container without modification, providing greater flexibility for operators who need to choose degrees of density, agility, and isolation in a multi-platform, multi-application environment.
The new Microsoft Container technology offers flexibility and choice through Windows Server containers, Linux containers, and Hyper-V containers both in the cloud and on-premises.
Join Microsoft’s Symon Perriman to see an overview of the new capabilities coming in the next version of Hyper-V for Windows Server. The new features will enhance management of virtualized servers, storage, networks, and workloads. Learn about upgrading the fabric and virtual machines, Linux support, quality of service, backup, and dynamically adding new resources.
Register now for these exclusive webinars by Microsoft’s Symon Perriman. The webinars will be co-hosted by Savision’s VP of R&D, Steven Dwyer. The webinars will be held on two different dates: