Deploy guarded hosts
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016
The topics in this section describe the steps that a fabric administrator takes to configure Hyper-V hosts to work with the Host Guardian Service (HGS). Before you can start these steps, at least one node in the HGS cluster must be set up.
For TPM-trusted attestation:
- Configure the fabric DNS: Tells how to set up a DNS forwarder from the fabric domain to the HGS domain.
- Capture information required by HGS: Tells how to capture TPM identifiers (also called platform identifiers), create a Code Integrity policy, and create a TPM baseline. You then provide this information to the HGS administrator to configure attestation.
- Confirm guarded hosts can attest
For host key attestation:
- Create a host key: Tells how to set up a DNS forwarder from the fabric domain to the HGS domain.
- Add the host key to the attestation service: Tells how to set up an Active Directory security group in the fabric domain, add guarded hosts as members of that group, and provide that group identifier to the HGS administrator.
- Confirm guarded hosts can attest
For Admin-trusted attestation:
- Configure the fabric DNS: Tells how to set up a DNS forwarder from the fabric domain to the HGS domain.
- Create a security group: Tells how to set up an Active Directory security group in the fabric domain, add guarded hosts as members of that group, and provide that group identifier to the HGS administrator.
- Confirm guarded hosts can attest