.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Using shielded VMs in a cluster
John Savill explains how to use shielded virtual machines in a cluster environment.
John Savill
April 19, 2016
1 Min Read
Q. Can I use shielded VMs in a cluster?
A. Windows Server 2016 Hyper-V introduces shielded VMs as explained at http://windowsitpro.com/hyper-v/super-secure-hyper-v-environments-shielded-vms-2016 and initially it may seem like these won't work in a clustered environment where VMs move between hosts. However this is not the case when you look in detail at how the shielded VM functionality actually works. There is no direct link between the virtual TPM of a VM and the TPM of the Hyper-V host.
The vTPM content is stored in the VMs runtime state data file (VMRS file) and access to this is enabled through keys that are gained from the Host Guardian Service once the Hyper-V host has proven its health and right to access. One of these ways is through TPM-based attestation that utilizes the TPM in the Hyper-V host however there is still no direct link between its TPM and the vTPM of the VM. This means VMs can move between hosts in a cluster even when protected by shielded VM functionality.
About the Author
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
