The Host Guardian Service (HGS) is a server role introduced in Windows Server 2016 for configuring guarded hosts and running shielded VMs (shielded virtual machines) in Windows Server and System Center Virtual Machine Manager.
The Host Guardian Service Role specifically provides Attestation and Key Protections services that are needed to enable Hyper-V to run Shielded VMs. The Attestation services validate a Hyper-V host as a “guarded host,” which then enables the Key Protection service to provide the transport key required to unlock and subsequently run Shielded VMs.
The Host Guardian Service serves as a critical security component in protecting the transport key, and works in conjunction with other Windows Server 2016 components to ensure high security levels for Shielded VMs.