Deploy guarded hosts

Ryan Puffer | Last Updated: 3/8/2017 | 2 Contributors

Applies To: Windows Server 2016

The topics in this section describe the steps that a fabric administrator takes to configure Hyper-V hosts to work with the Host Guardian Service (HGS). Before you can start these steps, at least one node in the HGS cluster must be set up.

For Admin-trusted attestation:

  1. Configure the fabric DNS: Tells how to set up a DNS forwarder from the fabric domain to the HGS domain.
  2. Create a security group: Tells how to set up an Active Directory security group in the fabric domain, add guarded hosts as members of that group, and provide that group identifier to the HGS administrator.
  3. Confirm guarded hosts can attest

For TPM-trusted attestation:

  1. Configure the fabric DNS: Tells how to set up a DNS forwarder from the fabric domain to the HGS domain.
  2. Capture information required by HGS: Tells how to capture TPM identifiers (also called platform identifiers), create a Code Integrity policy, and create a TPM baseline. Then you will provide this information to the HGS administrator to configure attestation.
  3. Confirm guarded hosts can attest
