Shielded virtual machines use several features to make it harder for datacenter administrators and malware to inspect, tamper with, or steal the data and state of these virtual machines. Data and state are encrypted, Hyper-V administrators can't see the video output and disks, and the virtual machines run only on known, healthy hosts, as determined by a Host Guardian Server.
Why use Shielded VMs?
Shielded VMs in Windows Server 2016 protect virtual machines from Hyper-V administrators with the help of encryption technologies. Attaching a vTPM device to a Hyper-V VM lets users enhance its security and system integrity. The Hyper-V administrator can only turn the VM on or off. In short, even if the administrator of the hypervisor host is compromised, all existing virtual machine data is safe.
A shielded VM provides the following benefits:
- BitLocker encrypted disks (keys protected by its vTPM)
- A hardened VM worker process (VMWP) that helps prevent inspection and tampering
- Automatically encrypted live migration traffic as well as encryption of its runtime state file, saved state, checkpoints and even Hyper-V Replica files
- No console access in addition to blocking PowerShell Direct, Guest File Copy Integration Components and other services that provide possible paths from a user or process with administrative privileges to the VM
Requirements
4 NODES
Guarded Host: WS2016 TP5 Datacenter (Secure Boot enabled)
Host Guardian Service Host: WS2016 TP5 (Secure Boot enabled)
AD Domain Controller Host: WS2008R2/WS2012R2/WS2016 TP5
Tenant Host: Windows 10/WS2016 TP5
Note: System Center VMM is not needed in this deployment.
Setup
Windows Server 2016 comes with the Host Guardian Service role, which provides the Attestation and Key Protection services that let guarded hosts run Shielded VMs. HGS Remote Attestation verifies the configuration state of a host and whether it is guarded. HGS Key Protection gives Guarded Hosts distributed access to the encrypted transport keys they need to unlock and run Shielded VMs.
During the installation of the HGS Server it is mandatory to specify a domain; the node will be promoted to a domain controller for that domain. HGS requires a one-way cross-forest trust from the HGS domain to an AD domain that contains an AD group with all the nodes considered secure. That AD group is registered with the HGS Server for attestation, and any member is considered a guarded host: a node which is secure and ready to run Shielded VMs.
AD Configuration
```powershell
$GuardedGroupName = 'Guarded Hosts Group'
# hostname of a secure node which will run Shielded VMs
$guardedhost = 'guarded'
# -PassThru is required, otherwise New-ADGroup returns nothing and $guardedGroup stays empty
$guardedGroup = New-ADGroup -Name $GuardedGroupName -SamAccountName 'GuardedHosts' `
    -GroupCategory Security -GroupScope Global -PassThru
# $GroupMember should look similar to "CN=$cn, DC=$dc"
# ex: "CN=guarded,CN=Computers,DC=dev,DC=com"
# here it is resolved from the computer account of the guarded host
$GroupMember = (Get-ADComputer -Identity $guardedhost).DistinguishedName
Add-ADGroupMember -Identity $GuardedGroupName -Members $GroupMember
# $guardedGroup.sid.Value will be used as an Identifier when setting up the attestation for HGS
$guardedGroup.sid.Value
```
HGS Configuration
```powershell
Install-WindowsFeature -Name HostGuardianServiceRole -IncludeManagementTools -Restart
```
```powershell
# $HGSDomainName is the Host Guardian Service domain set up during HGS installation
# the node will be promoted to a domain controller for the specified domain
$AdminPass = 'Password'
$HGSDomainName = 'hgs.com'
$adminPassword = ConvertTo-SecureString -AsPlainText $AdminPass -Force
Install-HgsServer -HgsDomainName $HGSDomainName `
    -SafeModeAdministratorPassword $adminPassword -Restart
```
```powershell
$certificatePasswd = 'Password'
$signingCertPath = 'C:\signingCert.pfx'
$encryptionCertPath = 'C:\encryptionCert.pfx'
$certStoreLocation = 'Cert:\LocalMachine\My'
# $HgsServiceName is the DNS name under which the HGS service is published; set it before running
$certificatePassword = ConvertTo-SecureString -AsPlainText $certificatePasswd -Force

# self-signed signing certificate (used to sign attestation health certificates)
$signingCert = New-SelfSignedCertificate -DnsName "signing.$env:userdnsdomain" `
    -CertStoreLocation $certStoreLocation
Export-PfxCertificate -Cert $signingCert -Password $certificatePassword `
    -FilePath $signingCertPath

# self-signed encryption certificate (used to protect transport keys)
$encryptionCert = New-SelfSignedCertificate -DnsName "encryption.$env:userdnsdomain" `
    -CertStoreLocation $certStoreLocation
Export-PfxCertificate -Cert $encryptionCert -Password $certificatePassword `
    -FilePath $encryptionCertPath

Initialize-HGSServer -HgsServiceName $HgsServiceName `
    -SigningCertificatePath $signingCertPath `
    -SigningCertificatePassword $certificatePassword `
    -EncryptionCertificatePath $encryptionCertPath `
    -EncryptionCertificatePassword $certificatePassword -TrustActiveDirectory -Force
```
```powershell
# $ADDnsIpAddress is the IP address of the AD domain controller's DNS server
Add-DnsServerForwarder -IPAddress $ADDnsIpAddress
```
```powershell
$HGSDomainName = 'hgs.com'
$ADDomainName = 'dev.com'
$ADDomainUser = 'Administrator'
$ADAdminPasswd = 'Password'
netdom trust $HGSDomainName /domain:$ADDomainName /userD:$ADDomainName\$ADDomainUser `
    /passwordD:$ADAdminPasswd /add
```
```powershell
# $GuardedGroupSID is the SID printed by $guardedGroup.sid.Value in the AD configuration step
Add-HgsAttestationHostGroup -Name "Guarded Hosts" -Identifier "$GuardedGroupSID"
```
GuardedHost Configuration
```powershell
Install-WindowsFeature -Name HostGuardian
Install-WindowsFeature -Name RSAT-Shielded-VM-Tools
Install-WindowsFeature -Name FabricShieldedTools -Restart
```
```powershell
# $HgsDomainName and $HgsServerIP identify the HGS domain and the HGS server address
Add-DnsServerConditionalForwarderZone -Name $HgsDomainName -ReplicationScope "Forest" `
    -MasterServers $HgsServerIP
```
```powershell
Set-HgsClientConfiguration -AttestationServerUrl "http://$HGSDomainName/Attestation" `
    -KeyProtectionServerUrl "http://$HGSDomainName/KeyProtection" -confirm:$false
```
```powershell
Get-HgsClientConfiguration
```
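Reading the output of Get-HgsClientConfiguration by eye is fine once, but a guarded host should be checked repeatedly: if its attestation lapses or its client URLs are repointed, it silently loses the ability to start Shielded VMs (or, worse, has been redirected to an HGS you do not control). The following script is an added example, not code from the original post; it assumes the HgsClient module installed with the HostGuardian feature above, and that the returned object exposes the AttestationServerUrl, KeyProtectionServerUrl, AttestationStatus and IsHostGuarded properties (property names assumed from the module's output). The function name Test-GuardedHostReadiness and the $HGSDomainName value are this example's own.

```powershell
# Added example: verify on a guarded host that it still attests against the expected HGS.
# Assumes the HgsClient module; property names are taken from Get-HgsClientConfiguration output.
$HGSDomainName = 'hgs.com'   # must match the value used in Set-HgsClientConfiguration

function Test-GuardedHostReadiness {
    param([Parameter(Mandatory)][string]$ExpectedHgsDomain)

    $cfg = Get-HgsClientConfiguration
    $expectedAttestation   = "http://$ExpectedHgsDomain/Attestation"
    $expectedKeyProtection = "http://$ExpectedHgsDomain/KeyProtection"

    $checks = [ordered]@{
        # Both URLs must point at the HGS we deployed; anything else means the host
        # would attest to (and fetch keys from) a different, untrusted service.
        'AttestationUrlMatches'   = ($cfg.AttestationServerUrl -eq $expectedAttestation)
        'KeyProtectionUrlMatches' = ($cfg.KeyProtectionServerUrl -eq $expectedKeyProtection)
        # 'Passed' means HGS issued a health certificate; 'Expired' or 'NotConfigured'
        # mean Shielded VMs will fail to start on this host.
        'AttestationPassed'       = ($cfg.AttestationStatus -eq 'Passed')
        # True only if the host's computer account is in the AD group registered on HGS.
        'IsHostGuarded'           = [bool]$cfg.IsHostGuarded
    }

    $failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value } | ForEach-Object { $_.Key })

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        AttestationStatus = $cfg.AttestationStatus
        Checks            = $checks
        FailedChecks      = $failed
        Ready             = ($failed.Count -eq 0)
    }
}

# Usage: run as administrator on the guarded host; a non-zero exit code lets a
# scheduled task or monitoring agent raise an alert when the host is no longer guarded.
$result = Test-GuardedHostReadiness -ExpectedHgsDomain $HGSDomainName
$result | Format-List
if (-not $result.Ready) {
    Write-Warning ("Host is not ready for Shielded VMs; failed checks: " + ($result.FailedChecks -join ', '))
    exit 1
}
```

Comparing the configured URLs against a known-good value, rather than only checking that attestation passed, is the point of the example: a host that attests successfully against the wrong HGS would still report "Passed".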
BOOTING A SHIELDED VM
These steps must be completed on a tenant Hyper-V node and not on the guarded host.
To generate a shielded VM you need a shielded VM template and a .pdk file containing the data about the guarded hosts, certificates and other information regarding the Shielded VM.
```powershell
Install-WindowsFeature -Name RSAT-Shielded-VM-Tools
Install-WindowsFeature -Name FabricShieldedTools -Restart
```
Generate a shielded template
Currently, Windows Server 2016 Technical Preview 5 is the only supported guest OS when using signed disk templates. Make sure that the disk meets the following BitLocker requirements:
- Is formatted with the NTFS file system.
- Does not use Dynamic Volume.
- Has at least two partitions. One partition must include the drive on which Windows is installed. This is the drive that BitLocker will encrypt. The other partition is the active partition, which remains unencrypted so that the VM can be started.
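A template disk that violates these requirements only fails later, when the provisioned VM cannot enable BitLocker, so it is worth checking the layout before signing. The script below is an added example, not code from the original post. It assumes the Hyper-V and Storage modules (Mount-VHD, Get-Disk, Get-Partition, Get-Volume) on a Windows Server 2016 node, and a path to an unsigned copy of the template; the function name Test-TemplateDiskLayout is this example's own. The dynamic-volume requirement is not checked programmatically here.

```powershell
# Added example: validate a template .vhdx against the BitLocker layout requirements above.
# Assumes Hyper-V and Storage PowerShell modules; the disk is mounted read-only and dismounted again.
function Test-TemplateDiskLayout {
    param([Parameter(Mandatory)][string]$Path)

    $vhd = Mount-VHD -Path $Path -ReadOnly -Passthru
    try {
        $disk       = $vhd | Get-Disk
        $partitions = @(Get-Partition -DiskNumber $disk.Number)

        # The OS volume BitLocker will encrypt: a lettered NTFS volume containing \Windows
        $osVolumes = @($partitions | Get-Volume -ErrorAction SilentlyContinue |
            Where-Object { $_.DriveLetter -and (Test-Path "$($_.DriveLetter):\Windows\System32") })

        # The partition that stays unencrypted so the VM can boot:
        # MBR 'active' flag, or the EFI System partition on a GPT (Generation 2) disk
        $bootPartitions = @($partitions | Where-Object { $_.IsActive -or $_.Type -eq 'System' })

        $checks = [ordered]@{
            'AtLeastTwoPartitions' = ($partitions.Count -ge 2)
            'OsVolumeFound'        = ($osVolumes.Count -eq 1)
            'OsVolumeIsNtfs'       = ($osVolumes.Count -eq 1 -and $osVolumes[0].FileSystem -eq 'NTFS')
            'BootPartitionFound'   = ($bootPartitions.Count -ge 1)
            # The boot partition and the OS volume must be different partitions
            'BootSeparateFromOs'   = ($osVolumes.Count -eq 1 -and $bootPartitions.Count -ge 1 -and
                                      ($bootPartitions.PartitionNumber -notcontains
                                       ($partitions | Get-Volume -ErrorAction SilentlyContinue |
                                        Where-Object { $_.DriveLetter -eq $osVolumes[0].DriveLetter } |
                                        ForEach-Object { ($partitions | Where-Object {
                                            $_.DriveLetter -eq $osVolumes[0].DriveLetter }).PartitionNumber })))
        }

        $failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value } | ForEach-Object { $_.Key })
        [pscustomobject]@{
            Path           = $Path
            PartitionStyle = $disk.PartitionStyle
            PartitionCount = $partitions.Count
            Checks         = $checks
            FailedChecks   = $failed
            Valid          = ($failed.Count -eq 0)
        }
    }
    finally {
        # Always release the disk, even if a check threw, so the template is not left mounted
        Dismount-VHD -Path $Path
    }
}

# Usage: run before Protect-ServerVHDX on an unsigned copy of the template
$report = Test-TemplateDiskLayout -Path 'C:\protected_template.vhdx'
$report | Format-List
if (-not $report.Valid) { Write-Warning ("Template disk is not eligible: " + ($report.FailedChecks -join ', ')) }
```

Mounting read-only matters: the signing step embeds the volume signature catalog in the image, and any write to the disk after signing invalidates the signature, which is exactly why the post recommends working on a copy.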
```powershell
$certStoreLocation = 'Cert:\LocalMachine\My'
# the publisher certificate used to sign the template disk
$certificate = New-SelfSignedCertificate -DnsName publisher.signingcertificate.com `
    -CertStoreLocation $certStoreLocation -KeyExportPolicy Exportable
```
```powershell
# $certificate is used to sign the template disk
# Specify a disk name and version
# The .VHDX image is modified by embedding the .VSC file in it, so making a copy of the image is recommended
$TemplatePath = 'C:\protected_template.vhdx'
$TemplateName = 'MyTemplate'
$Version = '1.1.1.1'
Protect-ServerVHDX -Path $TemplatePath -TemplateName $TemplateName -Version $Version `
    -Certificate $certificate
```
To create a signed disk template without PowerShell, use C:\Windows\System32\TemplateDiskWizard.exe.
Generate a pdk file
The guardian metadata is downloaded from "http://$HGSDomain/KeyProtection/service/metadata/2014-07/metadata.xml".
```powershell
# $HGSDomain is the HGS domain name (hgs.com in this deployment)
$url = "http://$HGSDomain/KeyProtection/service/metadata/2014-07/metadata.xml"
(New-Object System.Net.WebClient).DownloadFile($url, $GuardianMetadataPath)
# the owner guardian gets locally generated certificates; the HGS guardian is imported from its metadata
New-HgsGuardian -Name $OwnerName -GenerateCertificates
Import-HgsGuardian -Path $GuardianMetadataPath -Name $GuardianName -AllowUntrustedRoot
```
```powershell
$TemplatePath = 'C:\protected_template.vhdx'
$VSCPath = 'c:\vsc.vsc'
# The VSC file describes the template that the .PDK file can be applied to
Save-VolumeSignatureCatalog -TemplateDiskPath $TemplatePath `
    -VolumeSignatureCatalogPath $VSCPath
```
```powershell
# $rdpcertificate.thumbprint will be added in the unattended file
$rdpCertPasswd = 'Password'
$RdpCertPath = 'C:\rdpCert.pfx'   # output path for the exported certificate (illustrative value)
$rdpcertificate = New-SelfSignedCertificate -DnsName ts.examplerdpcertificate.com `
    -CertStoreLocation $certStoreLocation -KeyExportPolicy Exportable
$rdpcertificatepassword = ConvertTo-SecureString -AsPlainText $rdpCertPasswd -Force
Export-PfxCertificate -Cert $rdpcertificate -Password $rdpcertificatepassword `
    -FilePath $RdpCertPath
$rdpcertificate.thumbprint
```
Here you can download an Unattended.xml sample.
```powershell
# $PdkOutputPath is where the .pdk will be written; $UnattendedPath points at the Unattended.xml sample
$owner = Get-HgsGuardian -Name $OwnerName
$guardian = Get-HgsGuardian -Name $GuardianName
# Policy can be either EncryptionSupported or Shielded
Protect-ShieldingDataFile -ShieldingDataFilePath $PdkOutputPath -Owner $owner `
    -VolumeIDQualifier (New-VolumeIdQualifier -VolumeSignatureCatalogFilePath $VscPath `
    -VersionRule Equals) -WindowsUnattendFile $UnattendedPath -OtherFile $RdpCertPath `
    -Guardian $guardian -Policy Shielded
```
To create a shielding data (.pdk) file without PowerShell, use C:\Windows\System32\ShieldingDataFileWizard.exe.
```powershell
$vm = New-VM -Name $VMName -Generation 2 -VHDPath $TemplateVhdxPath -SwitchName "external"
$pdk = Invoke-CimMethod -ClassName Msps_ProvisioningFileProcessor -Namespace root\msps `
    -MethodName PopulateFromFile -Arguments @{FilePath=$pdkFilePath }
# the Key Protector contains the data regarding guarded hosts
# it's mandatory to pass a KeyProtector in order to enable the vTPM
$kp = $pdk.ProvisioningFile.KeyProtector
$vm | Set-VMKeyProtector -KeyProtector $kp
# If, when generating the pdk, the Policy was set to Shielded then $isShielded is $True
$isShielded = $True
$vm | Set-VMSecurityPolicy -Shielded $isShielded
$vm | Enable-VMTPM
# The unattended file can contain substitution strings for ComputerName, TimeZone, ProductKey.
# The corresponding values or SpecializationDataPairs must be specified and will be added to a .fsk file
New-ShieldedVMSpecializationDataFile -ShieldedVMSpecializationDataFilePath $fskFilePath `
    -SpecializationDataPairs @{"@@ComputerName@@"="MyNewComputer"; `
    "@@TimeZone@@"="Pacific Standard Time"}
Initialize-ShieldedVM -ShieldingDataFilePath $pdkFilePath `
    -ShieldedVMSpecializationDataFilePath $fskFilePath `
    -VirtualMachine $vm
```
If you check the VM's settings, you'll see that the VM is shielded. The VM can be migrated to any host, but only the guarded ones will have access to the VM's data.
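Checking the settings dialog confirms one VM once; the guarantee that "only guarded hosts can access the data" actually rests on three things being set together: the Shielded security policy, an enabled vTPM, and a key protector that names the HGS guardian. A VM with a vTPM but no guardian, or with the policy left at EncryptionSupported, still starts on an unguarded host. The following is an added example, not code from the original post; it assumes the Hyper-V module's Get-VMSecurity and Get-VMKeyProtector and the HgsClient module's ConvertTo-HgsKeyProtector, with the Shielded, TpmEnabled, EncryptStateAndVmMigrationTraffic, Owner and Guardians property names assumed from their output. The function name Get-ShieldedVMStatus is this example's own.

```powershell
# Added example: confirm that a provisioned VM is actually bound to the guardian,
# i.e. policy Shielded + vTPM enabled + a key protector naming at least one HGS guardian.
# Assumes the Hyper-V and HgsClient modules on the tenant Hyper-V node.
function Get-ShieldedVMStatus {
    param([Parameter(Mandatory)][string]$VMName)

    $vm  = Get-VM -Name $VMName
    $sec = Get-VMSecurity -VM $vm

    # The key protector is stored as raw bytes with the VM; decode it to see owner and guardians
    $kpBytes = Get-VMKeyProtector -VM $vm
    $kp = $null
    if ($kpBytes -and $kpBytes.Length -gt 0) {
        $kp = ConvertTo-HgsKeyProtector -Bytes $kpBytes
    }
    $guardianNames = @()
    if ($kp) { $guardianNames = @($kp.Guardians | ForEach-Object { $_.Name }) }

    $checks = [ordered]@{
        'Generation2'         = ($vm.Generation -eq 2)
        'PolicyShielded'      = [bool]$sec.Shielded
        'TpmEnabled'          = [bool]$sec.TpmEnabled
        'MigrationEncrypted'  = [bool]$sec.EncryptStateAndVmMigrationTraffic
        'KeyProtectorPresent' = ($null -ne $kp)
        # Without a guardian entry only the owner can unlock the vTPM, so HGS never has to
        # attest the host: the VM is encrypted but not tied to guarded hosts.
        'HasGuardian'         = ($guardianNames.Count -ge 1)
    }
    $failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value } | ForEach-Object { $_.Key })

    [pscustomobject]@{
        Name            = $vm.Name
        State           = $vm.State
        Owner           = if ($kp) { $kp.Owner.Name } else { $null }
        Guardians       = $guardianNames
        Checks          = $checks
        FailedChecks    = $failed
        IsFullyShielded = ($failed.Count -eq 0)
    }
}

# Usage: audit every VM on the node and list those that claim to be shielded but are not bound
# to a guardian; $VMName is the name used in New-VM above.
$status = Get-ShieldedVMStatus -VMName $VMName
$status | Format-List
Get-VM | ForEach-Object { Get-ShieldedVMStatus -VMName $_.Name } |
    Where-Object { $_.Checks['PolicyShielded'] -and -not $_.IsFullyShielded } |
    ForEach-Object { Write-Warning ("$($_.Name) is marked Shielded but fails: " + ($_.FailedChecks -join ', ')) }
```

The final pipeline is the part worth keeping in an operations runbook: it surfaces VMs whose policy says Shielded while the key protector does not actually reference the HGS guardian, which is the configuration a tenant would otherwise only notice when the VM unexpectedly boots on an unguarded host.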
Good job Iulia! This is an awesome feature.