Bolster Hyper-V 2016 security with improved virtual hardware capabilities, secure boot features and a strict adherence...
to the latest patches and updates.
Generally, a secure guest VM starts with the use of Generation 2 VMs. Generation 2 VMs use advanced virtual hardware capabilities available with Windows Server 2012 R2 and later. Not only does this improve VM boot time and performance, it also supports the native use of Linux Secure Boot capabilities from the hypervisor rather than the lower-level Unified Extensible Firmware Interface. This helps prevent unknown or unauthorized OS or firmware code from running at boot time. Only known code that has been digitally signed can start on the Hyper-V host.
To boost Hyper-V 2016 security and protect the guest OS, it's usually prudent to install the latest patches and security updates for a guest OS before you turn the VM on in production. It's may also be worthwhile to harden the guest OS in each VM by installing the minimum components for the necessary role, configuring the OS to meet security practices, and only authorizing access to guest VMs and OSes to administrators.
For even stronger guest VM security, it's possible to connect guest VMs that use virtual private networks, but you should make sure that the virtual network adapters connect to the proper virtual switches with the appropriate security settings. You can combine secure networks with encryption to protect storage resources and guard data at rest and in flight.
VMs on later versions of Windows Server can use guarded fabric technology to create shielded VMs and deploy those shielded VMs to host systems using the host guardian service. This Hyper-V 2016 security technology encrypts VMs and ensures that VMs only decrypt, start and operate on known host systems that software or hardware attestation -- Active Directory or Trusted Platform Module 2.0, respectively -- have checked and approved. This way, a shielded VM only runs on a known, trusted host system.
Dig Deeper on Microsoft Hyper-V and Virtual Server
Related Q&A from Stephen J. Bigelow
Get to know VMware vSphere's Admission Control tool and use it to reserve the resources necessary for VM failover with cluster resource calculations ... Continue Reading
Use heartbeats, VM monitoring and application monitoring to fully examine the causes of VM unresponsiveness. Adjust sensitivity levels to focus on ... Continue Reading
Combine Distributed Resource Scheduler and vSphere High Availability to design balanced failover clusters. Pay attention to affinity rules, which can... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.