Create shielding data

 

Before you can create a shielded virtual machine, you must create a shielding data PDK file and upload it.

To create a shielding data PDK file, follow these steps:

  1. Sign in to the Windows Azure Stack portal as a tenant.

  2. Subscribe to an offer that includes shielded virtual machine support.

  3. Click Virtual Machines and then click Shielding Data.

  4. Click Download Guardian to get the Guardian Key file and save it as c:\temp\14300.xml.

  5. Click Download Catalog and save the file as c:\temp\14300.vsc.

  6. Run the following PowerShell commands to create the PDK file:

    Import-Module ShieldedVMDataFile
    # Use local mode: guardian keys are kept on this machine rather than on an HGS server
    Set-HgsClientConfiguration -EnableLocalMode
    # -AllowUntrustedRoot accepts guardian certificates that do not chain to a trusted root (for example, self-signed)
    Import-HgsGuardian -FilePath "C:\temp\14300.xml" -Name Fabric -AllowUntrustedRoot
    # Create the owner guardian; the error is suppressed if DefaultOwner already exists
    New-HgsGuardian -Name DefaultOwner -GenerateCertificates -ErrorAction SilentlyContinue
    $pdkOwner = Get-HgsGuardian -Name DefaultOwner
    $pdkGuardian = Get-HgsGuardian -Name Fabric
    $pdkPath = "C:\temp\14300.pdk"
    $vscPath = "C:\temp\14300.vsc"
    $unattendPath = "C:\temp\unattend.xml"
    $otherfilesPath = "C:\temp\myfakerdpcertpwd.pfx"
    # Bind the shielding data to the exact template disk version described by the catalog
    $volumeIDQualifier = @(New-VolumeIDQualifier -VolumeSignatureCatalogFilePath $vscPath -VersionRule Equals)
    Protect-ShieldingDataFile -ShieldingDataFilePath $pdkPath -Owner $pdkOwner -Guardian $pdkGuardian -VolumeIDQualifier $volumeIDQualifier -WindowsUnattendFile $unattendPath -OtherFile $otherfilesPath -Force
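
A pre-flight check that can be run just before the Protect-ShieldingDataFile line in step 6, given here as an added example that is not part of the original procedure. The helper name Test-ShieldingInputs is hypothetical, and the check assumes guardian objects expose the HasPrivateSigningKey property shown in Get-HgsGuardian output.

```powershell
# Added example: validate the inputs from step 6 before building the PDK file.
# Test-ShieldingInputs is a hypothetical helper; paths and guardian names are those used above.
function Test-ShieldingInputs {
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [Parameter(Mandatory)] [string]   $OwnerName,
        [Parameter(Mandatory)] [string]   $FabricName
    )
    $problems = @()

    foreach ($p in $Path) {
        # Stray whitespace inside a quoted path is easy to miss when copying commands.
        if ($p -ne $p.Trim()) { $problems += "Path has leading/trailing whitespace: '$p'" }
        if (-not (Test-Path -LiteralPath $p.Trim() -PathType Leaf)) {
            $problems += "File not found: '$($p.Trim())'"
        }
    }

    # New-HgsGuardian runs with -ErrorAction SilentlyContinue above, so a failure
    # to create the owner guardian would otherwise go unnoticed until later.
    $owner  = Get-HgsGuardian -Name $OwnerName  -ErrorAction SilentlyContinue
    $fabric = Get-HgsGuardian -Name $FabricName -ErrorAction SilentlyContinue

    if (-not $owner) {
        $problems += "Owner guardian '$OwnerName' does not exist."
    } elseif (-not $owner.HasPrivateSigningKey) {
        # Assumption: the owner needs its private keys locally to manage the PDK later.
        $problems += "Owner guardian '$OwnerName' has no private signing key on this machine."
    }

    if (-not $fabric) {
        $problems += "Fabric guardian '$FabricName' was not imported."
    } elseif ($fabric.HasPrivateSigningKey) {
        # A guardian imported from the downloaded Guardian Key file carries public certificates only.
        $problems += "Guardian '$FabricName' has a private signing key locally; confirm it came from the downloaded Guardian Key file."
    }

    $problems
}

$issues = @(Test-ShieldingInputs -OwnerName DefaultOwner -FabricName Fabric -Path @(
    "C:\temp\14300.vsc", "C:\temp\unattend.xml", "C:\temp\myfakerdpcertpwd.pfx"))
if ($issues.Count -gt 0) { $issues | ForEach-Object { Write-Warning $_ } }
else { "Shielding inputs look consistent." }
```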
    

To upload a shielding data PDK file, follow these steps:

  1. Click Virtual Machines and then click Shielding Data.

  2. Click 4) Upload shielding data.

  3. Click Browse for file and navigate to the PDK file.

  4. Type a Friendly name and Description, and then click the checkmark.