| title | description | ms.topic | ms.assetid | manager | author | ms.author | ms.date |
|---|---|---|---|---|---|---|---|
Deploying the Host Guardian Service |
Learn more about: Deploying the Host Guardian Service |
article |
310b63d9-5ac7-4961-98ef-103af45d706a |
dongill |
robinharwood |
wscontent |
01/14/2020 |
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016
One of the most important goals of providing a hosted environment is to guarantee the security of the virtual machines running in the environment. As a cloud service provider or enterprise private cloud administrator, you can use a guarded fabric to provide a more secure environment for VMs. A guarded fabric consists of one Host Guardian Service (HGS) - typically, a cluster of three nodes - plus one or more guarded hosts, and a set of shielded virtual machines (VMs).
[!VIDEO https://www.microsoft.com/videoplayer/embed/dcd8e99f-36f1-4bc8-b3d2-9576da38d9f1?autoplay=false]
The following table breaks down the tasks to deploy a guarded fabric and create shielded VMs according to different administrator roles. Note that when the HGS admin configures HGS with authorized Hyper-V hosts, a fabric admin will collect and provide identifying information about the hosts at the same time.
| Step and link to content | Image |
|--|--|--|
| 1 - Verify HGS prerequisites | 
|
| 2 - Configure first HGS node | 
|
| 3 - Configure additional HGS nodes | 
|
| 4 - Configure fabric DNS | 
|
| 5 - Verify host prerequisites (Key) and Verify host prerequisites (TPM) | |
| 6 - Create host key (Key) andCollect host information (TPM) | 
|
| 7 - Configure HGS with host information | 
|
| 8 - Confirm hosts can attest | 
|
| 9 - Configure VMM (optional) | 
|
| 10 - Create template disks | 
|
| 11 - Create a VM shielding helper disk for VMM (optional) | 
|
| 12 - Set up Windows Azure Pack (optional) | 
|
| 13 - Create shielding data file | 
|
| 14 - Create shielded VMs using Windows Azure Pack | 
|
| 15 - Create shielded VMs using VMM | |