Shielded VM and Guarded Fabric

Presentation on theme: "Shielded VM and Guarded Fabric"— Presentation transcript:

1 Shielded VM and Guarded Fabric
Protect VM data from compromised storage, networks, admins and malware
John Joyner Senior Director, Technology ClearPointe System Center MVP Robert robertanddpm.blogspot.com

2 John Joyner (@john_joyner), Robert Hedblom (@RobertandDPM)
Microsoft MVP Cloud & Datacenter, 9 years; Microsoft MVP Cloud & Datacenter, 7 years; MSP industry pioneer, Co-author SCOM Unleashed series; 20 y IT, 15 y BC, 10 y SC; Favorite vehicle is a Jeep Wrangler; Favorite food is “dead and cooked”

3 Shielded VM and Guarded Fabric
Protect VM data from compromised storage, networks, admins and malware

4 Attack Vectors in a Virtualized Environment
Source: Washington Univ.

5 Ransomware Attack Timeline
The yellow zone is where Shielded VMs show their value: the host is compromised, but tenant data is not vulnerable.

6 Legacy Approach: Protect Host from Hostile Guests
Source: RedHat

7 VMware NSX “Host Based Firewall”
Source: VMware

8 Two vectors threaten data on tenant VMs

9 Security Overview: Windows Server 2016

10 A Better Approach: Microsoft Shielded VMs
Source: Microsoft

11 Solution: Shielded VM and Guarded Fabric
The goal of the Guarded Fabric solution is to provide hosting service providers and private cloud operators the ability to offer their tenant administrators a hosted environment where protection for tenant virtual machine data is strengthened against threats from compromised storage, networks, host administrators, and malware.

12 Solution Assurances
As a cloud service provider or enterprise private cloud administrator, you can provide a secure, “admin-trusted” (or alternatively, “hardware-trusted”) environment for tenant VMs where:
You are assured that Windows Server has built-in breach hardening capabilities spanning secure and measured boot, code integrity, and protection of high-value operating system security secrets and operations from malicious code on the Hyper-V host, and
You are assured that you can provide a secure, hardware-trusted environment for tenant VMs where the VM data is protected from malicious host administrators and malware.

13 Solution Topology

14 Shielded VMs: Building Blocks

15 Deploy: Shielded VM and Guarded Fabric

16 Scenario Validation 1: You can build an infrastructure for guarded hosts and “shielded VMs”. Hosts can build a cloud service and offer shielded VM functionality using the Windows Azure Pack Portal.

17 Scenario Validation 2: Tenants can create new VMs or use existing VMs and convert them to shielded VMs. Tenants can use Windows Azure Pack to create and manage shielded VMs.

18 Scenario Validation 3: Tenants can export VMs and grant permission to either a cloud service provider or an enterprise cloud operator to be guardian, and are assured of security and data-at-rest encryption. Tenants can create new VMs from a VMM template and be assured that the base images used for template creation are trusted and have not been tampered with. During VM creation from a VMM template, tenants can provide input for computer names and administrator passwords in a secure manner without exposing sensitive information to fabric administrators.

19 Scenario Validation 4: Cloud service providers and enterprise administrators can use Live Migrate or Live (VSM) virtual machines between guarded hosts in the same way they did prior to deploying the Guarded Fabric solution. Cloud service providers and enterprise administrators can back up, checkpoint and restore shielded VMs as per normal procedure.

20 Operate: Shielded VM and Guarded Fabric

21 And Then …
Discuss: Ask your questions-real world answers! Plenty of time to engage, share knowledge.
Evaluations: Please provide session feedback by clicking the EVAL button in the scheduler app (also download slides). One lucky winner will receive a free ticket to the next MMS!
