Shielded VMs

Shielded VMs, or Shielded Virtual Machines, are a security feature introduced in Windows Server 2016 for protecting Hyper-V Generation 2 virtual machines (VMs) from unauthorized access or tampering.

Hyper-V Shielded VMs are protected through a combination of Secure Boot, BitLocker encryption, Virtual Trusted Platform Module (TPM) and the Host Guardian Service.

How Hyper-V Shielded VMs Work

Shielded VMs boot from a virtual Unified Extensible Firmware Interface (UEFI) as opposed to a traditional BIOS, providing Secure Boot protection and enabling BitLocker disk encryption inside the VM’s virtual disks. The BitLocker encryption handles protecting the data both at rest and when being transmitted across the network during Live Migrations.

The Host Guardian Service, a new role in Windows Server 2016, enables shielded virtual machines, protecting them from unauthorized access by Hyper-V host administrators. As a result, any administrator without full rights to a Shielded VM will be able to power it on or off, but they won’t be able to alter its settings or view the contents of the VM in any way.

Shielded VMs require Windows Server 2012 or Windows 8 or later, and they will not run unless the Hyper-V host is on the Host Guardian Service. New Shielded Virtual Machines can be created within the Azure Pack management portal, and existing VMs can be converted to shielded VMs.

Forrest Stroud
Forrest Stroud
Forrest is an experienced, entrepreneurial and well-rounded professional with 15+ years covering technology, business software, website design, programming and more.

Top Articles

The Complete List of 1500+ Common Text Abbreviations & Acronyms

Text Abbreviations reviewed by Web Webster   From A3 to ZZZ we list 1,559 SMS, online chat, and text abbreviations to help you translate and understand...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

Windows Operating System History & Versions

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

First to Fifth Generations of Computers

Reviewed by Web Webster   Learn about each of the 5 generations of computers and major technology developments that have led to the computing devices that...

Heuristic Definition and Meaning

Heuristic, pronounced hyoo-ri-stihk, is a Greek term for individually finding or discovering. In...

Hackerspace Definition & Meaning

What is a hackerspace? A hackerspace, also known as a hacklab, incubator, or hackspace,...

Random Access Memory (RAM)...

Random Access Memory (RAM) reviewed by Web Webster   Random Access Memory (RAM) is a...