Bolster Hyper-V 2016 security with improved virtual hardware capabilities, secure boot features and a strict adherence to the latest patches and updates.
Generally, a secure guest VM starts with the use of Generation 2 VMs. Generation 2 VMs use advanced virtual hardware capabilities available with Windows Server 2012 R2 and later. Not only does this improve VM boot time and performance, it also supports the native use of Linux Secure Boot capabilities from the hypervisor rather than the lower-level Unified Extensible Firmware Interface. This helps prevent unknown or unauthorized OS or firmware code from running at boot time. Only known code that has been digitally signed can start on the Hyper-V host.
To boost Hyper-V 2016 security and protect the guest OS, it's usually prudent to install the latest patches and security updates for a guest OS before you turn the VM on in production. It may also be worthwhile to harden the guest OS in each VM by installing the minimum components for the necessary role, configuring the OS to meet security practices, and restricting access to guest VMs and OSes to administrators.
For even stronger guest VM security, it's possible to connect guest VMs that use virtual private networks, but you should make sure that the virtual network adapters connect to the proper virtual switches with the appropriate security settings. You can combine secure networks with encryption to protect storage resources and guard data at rest and in flight.
VMs on later versions of Windows Server can use guarded fabric technology to create shielded VMs and deploy those shielded VMs to host systems using the host guardian service. This Hyper-V 2016 security technology encrypts VMs and ensures that VMs only decrypt, start and operate on known host systems that software or hardware attestation -- Active Directory or Trusted Platform Module 2.0, respectively -- have checked and approved. This way, a shielded VM only runs on a known, trusted host system.
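The following read-only audit is an added example, not part of the original article: it reports, for each VM on a host, the settings discussed above (VM generation, Secure Boot state and template, virtual TPM and shielding, and the virtual switch behind each network adapter). It assumes an elevated PowerShell session on a Hyper-V 2016 or later host with the Hyper-V module installed; the MAC address spoofing check is one illustrative adapter security setting, and the findings are prompts for review rather than a policy.

```powershell
# Added example: read-only audit of guest VM security settings on one Hyper-V host.
# Assumption: elevated session on a Hyper-V 2016+ host with the Hyper-V module.
Import-Module Hyper-V

$report = foreach ($vm in Get-VM) {
    $row = [ordered]@{
        VM             = $vm.Name
        Generation     = $vm.Generation
        SecureBoot     = 'n/a (Gen 1)'
        SecureBootTmpl = 'n/a'
        VirtualTpm     = 'n/a'
        Shielded       = 'n/a'
        Switches       = ''
        Findings       = @()
    }

    if ($vm.Generation -eq 2) {
        # Firmware (Secure Boot) settings exist only on Generation 2 VMs,
        # so these cmdlets are called for Generation 2 only.
        $fw  = Get-VMFirmware -VM $vm
        $sec = Get-VMSecurity -VM $vm
        $row.SecureBoot     = $fw.SecureBoot
        $row.SecureBootTmpl = $fw.SecureBootTemplate
        $row.VirtualTpm     = $sec.TpmEnabled
        $row.Shielded       = $sec.Shielded
        if ($fw.SecureBoot -ne 'On') { $row.Findings += 'Secure Boot is off' }
        if (-not $sec.Shielded)      { $row.Findings += 'Not shielded (review if sensitive)' }
    } else {
        $row.Findings += 'Generation 1: Secure Boot not available'
    }

    # List the virtual switch behind each adapter so it can be compared
    # against the intended network design.
    $nics = Get-VMNetworkAdapter -VM $vm
    $row.Switches = ($nics.SwitchName | Sort-Object -Unique) -join ', '
    foreach ($nic in $nics) {
        if (-not $nic.SwitchName) { $row.Findings += "NIC '$($nic.Name)' has no switch" }
        if ($nic.MacAddressSpoofing -eq 'On') {
            $row.Findings += "NIC '$($nic.Name)' allows MAC address spoofing"
        }
    }

    $row.Findings = $row.Findings -join '; '
    [pscustomobject]$row
}

$report | Format-Table -AutoSize -Wrap
```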