Configuring Guarded Hosts with Microsoft Virtual Machine Manager 2016

~ John Patterson | PM for System Center & Services

Hi everyone, John Patterson here with some information on setting up guarded hosts using System Center Virtual Machine Manager (VMM). A guarded host is just a host that can run shielded VMs, and once your Host Guardian Service has been set up and configured, configuring hosts to run shielded VMs is pretty easy. All you need to do in VMM to set up a guarded host is configure the host you want to be guarded with two (sometimes three) properties:

  • Attestation Service URL – The URL of the attestation service (part of the HGS). The attestation service basically confirms that the host is authorized to run shielded VMs.
  • Key Protection Service URL – The URL of the key protection service (also part of the HGS). Once a host passes attestation, it retrieves the key required to decrypt VMs from this service.
  • Code Integrity Policy File Share Path (only required for TPM Attestation Mode) – When using TPM attestation mode (bare minimum requirement is that your host must have a TPM 2.0 chip in it), a code integrity policy is used to restrict the software that can run in kernel mode to ONLY what is specified in the code integrity file (a .p7b file). In order to get this file on the host, you must set the path to it.

So, while there is a LOT behind shielded VMs, guarded hosts and encrypted workloads, actually configuring a guarded host is easy (remember, at most you only need to set those three properties).

Now let’s do this in VMM 2016:

Step 1 – Configuring the Global HGS Settings

In the VMM console, navigate to Settings -> Host Guardian Service Settings:

clip_image002

Here you need to do two things:

  1. Tell VMM what attestation and key protection URLs that hosts in VMM will use. Note that all hosts in VMM must use the same ATT and KPS URLs.
  2. Add any CI policies to VMM. Really you don’t add the CI policy itself, but rather you add a friendly name and the location where the host themselves can fetch the CI policy from. Note that in the screen shot above, I’m pointing to a file share the hosts can access via their host account to get the CI policy from.

Now here is a potential gotcha: The Code Integrity Policy File Share Path entered in VMM is the EXACT same path set on the hosts. This means that ALL hosts using a particular CI policy need to have access to the file share path that is set in VMM.

clip_image004

Step 2 – Configure Your Guarded Host

Right-click Host -> Host Guardian Service and then check these three checkboxes:

clip_image006

  1. The first checkbox essentially sets the attestation and key protection URLs on the host. If you are not using TPM based attestation then this is the only box you need to check.
  2. The second check box sets the file path of the CI policy on the host, it doesn’t ACTUALLY put the CI policy on the host. The host fetches its CI policy on its own from the given location. In this example I’m using TPM based attestation so I specify the CI policy designated for my Dell hosts (if you didn’t guess, this happens to be a Dell server).
  3. Most of the time, applying a CI policy requires a restart. If you don’t want to restart the machine right away then don’t check the “Apply or update the policy immediately” checkbox. You can apply it later by right clicking the host and selecting “Update CI Policy“.

That’s It

That’s all it takes to configure hosts to run shielded VMs in VMM 2016. At this point, shielded VMs will be automatically placed on any guarded hosts under VMM’s management.

John Patterson, Program Manager
System Center & Services