Shielded VM and Guarded Fabric

Presentation transcript:

Shielded VM and Guarded Fabric: Protect VM data from compromised storage, networks, admins and malware. John Joyner, John.Joyner@clearpointe.com, Senior Director, Technology, ClearPointe, System Center MVP. Robert Hedblom, @RobertandDPM, robertanddpm.blogspot.com

John Joyner (@john_joyner): Microsoft MVP Cloud & Datacenter, 9 years; MSP industry pioneer, co-author of the SCOM Unleashed series; favorite vehicle is a Jeep Wrangler.
Robert Hedblom (@RobertandDPM): Microsoft MVP Cloud & Datacenter, 7 years; 20 y IT, 15 y BC, 10 y SC; favorite food is “dead and cooked”.

Attack Vectors in a Virtualized Environment Source: Washington Univ.

Ransomware Attack Timeline: The yellow zone is where Shielded VMs show their value. The host is compromised but tenant data is not vulnerable.

Legacy Approach: Protect Host from Hostile Guests Source: RedHat

VMware NSX “Host Based Firewall” Source: VMware

Two vectors threaten data on tenant VMs

Security Overview: Windows Server 2016

A Better Approach: Microsoft Shielded VMs Source: Microsoft

Solution: Shielded VM and Guarded Fabric The goal of the Guarded Fabric solution is to provide hosting service providers and private cloud operators the ability to offer their tenant administrators a hosted environment where protection for tenant virtual machine data is strengthened against threats from compromised storage, networks, host administrators, and malware.

Solution Assurances: As a cloud service provider or enterprise private cloud administrator, you can provide a secure, “admin-trusted” (or alternatively, “hardware-trusted”) environment for tenant VMs where:
You are assured that Windows Server has built-in breach hardening capabilities spanning from secure and measured boot, code integrity and protection for high value operating system security secrets and operations from malicious code on the Hyper-V host, and
You are assured that you can provide a secure hardware trusted environment for tenant VMs where the VM data is protected from malicious host administrators and malware.

Solution Topology

Shielded VMs: Building Blocks

Deploy: Shielded VM and Guarded Fabric

Scenario Validation 1: You can build an infrastructure for guarded hosts and “shielded VMs”. Hosts can build a cloud service and offer shielded VM functionality using the Windows Azure Pack Portal.

Scenario Validation 2: Tenants can create new or use existing VMs and be able to convert them to shielded VMs. Tenants can use Windows Azure Pack to create and manage shielded VMs in Windows Azure Pack.

Scenario Validation 3: Tenants can export VMs and grant permission to either a cloud service provider or an enterprise cloud operator to be guardian, and are assured of security and data-at-rest encryption. Tenants can create new VMs from a VMM template and be assured that the base images used for template creation are trusted and have not been tampered with. During VM creation from a VMM template, tenants can provide input for computer names and administrator passwords in secure manner without exposing sensitive information to fabric administrators.

Scenario Validation 4: Cloud service providers and enterprise administrators can Live Migrate or Live Storage Migrate (VSM) virtual machines between guarded hosts in the same way they did prior to deploying the Guarded Fabric solution. Cloud service providers and enterprise administrators can back up, checkpoint and restore shielded VMs as per normal procedure.

Operate: Shielded VM and Guarded Fabric

And Then … Discuss: Ask your questions, real-world answers! Plenty of time to engage, share knowledge. Evaluations: Please provide session feedback by clicking the EVAL button in the scheduler app (also download slides). One lucky winner will receive a free ticket to the next MMS!
