.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
How should the Host Guardian Service (HGS) be hosted
Learn the best way to host the Host Guardian Service
John Savill
June 1, 2016
1 Min Read
Q. How should I host the Host Guardian Service (HGS) instance?
A. The Host Guardian Service (HGS) holds the keys to the security of your shielded VMs which means how you host it is very important. It needs to be highly available as without it no shielded VMs can start but also will ideally be isolated from the virtualization administrators to enable complete separation of duties.
It cannot itself be a shielded VM since it would not be able to start without the HGS being available which it would not be since it is the HGS (a similar chicken and egg situation that failover clustering used to have with AD).
The best practice is to therefore to host the HGS in a separate physical cluster. This has the benefit of being separate from the virtualization environment but also can be hardened by additional levels of physical security such as a locked cage guarded by a 7 foot MMA fighter named Olaf.
About the Author
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
