The topics in this section describe the steps that a fabric administrator takes to configure Hyper-V hosts to work with the Host Guardian Service (HGS). Before you can start these steps, at least one node in the HGS cluster must be set up.
For TPM-trusted attestation:
- Configure the fabric DNS: Tells how to set up a DNS forwarder from the fabric domain to the HGS domain.
- Capture information required by HGS: Tells how to capture TPM identifiers (also called platform identifiers), create a Code Integrity policy, and create a TPM baseline. Then you will provide this information to the HGS administrator to configure attestation.
- Confirm guarded hosts can attest
For host key attestation:
- Create a host key: Tells how to set up a DNS forwarder from the fabric domain to the HGS domain.
- Add the host key to the attestation service: Tells how to set up an Active Directory security group in the fabric domain, add guarded hosts as members of that group, and provide that group identifier to the HGS administrator.
- Confirm guarded hosts can attest
For Admin-trusted attestation:
- Configure the fabric DNS: Tells how to set up a DNS forwarder from the fabric domain to the HGS domain.
- Create a security group: Tells how to set up an Active Directory security group in the fabric domain, add guarded hosts as members of that group, and provide that group identifier to the HGS administrator.
- Confirm guarded hosts can attest