A closer look at shielded VMs in Windows Server 2016

This post was authored by Jeff Woolsey, Principal Program Manager, Windows Server.

On this week’s Microsoft Mechanics show, we bring you Dean Wells and Matt McSpirit to demonstrate Shielded VMs – another reason why you should be evaluating Windows Server 2016.

A little backstory …

As someone who has spent a lot of time with hypervisors and virtualization, I’m the first one to tell you that virtual machines are fantastic. If you look at any datacenter today, virtualization is a key element. With virtual machines we’ve made it easier to deploy, manage, service and automate the infrastructure. The benefits are many; however, as much as I love virtualization, I’m almost the first person to tell you that virtualization also requires us to think differently about the security of our virtualized infrastructure and applications.

Take a deep breath and read that last sentence again. It’s ok.

Let’s discuss.

Security, what security?

With virtual machines, we’ve taken an operating system, an application and its dependencies which used to run on hardware and encapsulated those into a few files for a virtual machine so we can run multiple virtual machines (if not dozens) on a single system concurrently. They’re easier to live migrate, backup, replicate, but it also means that we’ve made it easier to modify or even copy entire workloads off the network or onto a USB stick and walk out the door with your crown jewels. A perfect example is your domain controller. Imagine if your domain controller somehow got out of your organization. The DC is literally the keys to your kingdom.

Now, imagine that someone manages to walk out the door with dozens of virtual machines because they’re all centrally located. Worse, they can take those virtual machines home and run them on their personal desktop or laptop and you still have no idea they left the premises.

Let me be very clear: Every hypervisor, every virtualization platform has this issue. VMware, Hyper-V, Xen, KVM, etc.

Encryption and TPMs

It’s usually at this point where someone interjects with: “Yes, but the answer to this problem is encryption. All we need to do is add a virtual Trusted Platform Module (TPM) to the virtual machine so that the tenant can encrypt the VM.”

Great idea, except that doesn’t work.

We need to protect against rogue administrators and, by definition, an administrator can do anything they want on the system. Thus, anything you do to encrypt or protect a VM, the admin can undo. For example, suppose we just provided a virtual TPM inside the virtual machine. With a virtual TPM, the host admin could still find those keys in memory and decrypt the VM.
Again, this applies to all platforms: VMware, Hyper-V, Xen, KVM, etc.

Do I have your attention yet?

Shielded VMs and guarded fabric

At the end of the day what you want is to be able to:

  • Safeguard VMs so that VMs can only run on infrastructure you designate as your organization’s fabric and are
  • Protected VMs even from compromised administrators

To do this, we are introducing Shielded VMs in Windows Server 2016. Shielded VMs protect virtual machines from compromised or malicious administrators in the fabric, such as storage admins, backup admins, etc. by encrypting disk and state of virtual machines so only VM or tenant admins can access it.

In addition, we are also protecting the fabric with a new Windows Server feature: the Host Guardian Service. When a shielded virtual machine is turned on, the Host Guardian Service (HGS) checks to see if the hosts are allowed to run the Shielded VM. This is accomplished through attestation and hardware based boot measurements along with a new feature: Code integrity to determine whether a host meets the criteria as a healthy host and may run the Shielded VM.

If you’re looking for more information on Shielded VMs, please check out the Shielded VMs documentation and the Shielded VMs infographic. Give it a try with our free Windows Server Virtual Lab.

Finally, a huge thanks to all of you for your feedback on Windows Server 2016. We’ve been listening closely and tuning it based on your input.