This section describes how to deploy shielded VMs in VMM 2016. You will also learn about template disks and shielded data files, which are used to create shielded VM templates.
Before you start, verify that HGS and guarded hosts are configured and that you have set global HGS settings in VMM (see the previous recipes for details).
The first thing you need to do is prepare an OS gold image (VHDX) that will be used to create shielded VMs in VMM. Because shielded VMs are not regular VMs and BitLocker is used, the image must meet additional requirements:
- The disk must be a GPT disk (this is needed for Gen2 VMs to support UEFI)
- The logical disk type must be basic (as BitLocker does not support dynamic disks)
- The logical disk must have at least two partitions (one dedicated to the Windows installation, the other active and containing the bootloader)
- The filesystem must be NTFS (usually it's set by default)
- You can install and generalize...
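
The disk-layout requirements above can be checked before the image is imported into VMM. The following PowerShell script is an added example, not part of the original recipe. It assumes a hypothetical image path, an elevated session on a host with the Hyper-V and Storage modules, and that the bootloader partition on a GPT disk is the EFI system partition.

```powershell
# Added example: pre-flight check of a gold image against the listed requirements.
param([string]$VhdxPath = 'C:\Images\gold.vhdx')   # hypothetical path, adjust to your image

# Well-known GPT partition type GUIDs
$ldmTypes = '{5808c8aa-7e8f-42e0-85d2-e1e90434cfb3}',   # LDM metadata (dynamic disk)
            '{af9b60a0-1431-4f62-bc68-3311714a69ad}'    # LDM data (dynamic disk)
$espType  = '{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}'    # EFI system partition (bootloader)
$dataType = '{ebd0a0a2-b9e5-4433-87c0-68b6b72699c7}'    # basic data (Windows installation)

# Mount read-only and without drive letters so the image is not modified.
$disk = Mount-VHD -Path $VhdxPath -ReadOnly -NoDriveLetter -Passthru | Get-Disk
try {
    $parts = @(Get-Partition -DiskNumber $disk.Number)
    $vols  = @($parts | Where-Object GptType -eq $dataType | Get-Volume)

    $checks = [ordered]@{
        'Partition style is GPT'              = $disk.PartitionStyle -eq 'GPT'
        'Disk is basic (no LDM partitions)'   = -not ($parts | Where-Object { $_.GptType -in $ldmTypes })
        'At least two partitions'             = $parts.Count -ge 2
        'EFI system (boot) partition present' = [bool]($parts | Where-Object GptType -eq $espType)
        'Data volume(s) formatted as NTFS'    = ($vols.Count -gt 0) -and
                                                -not ($vols | Where-Object FileSystem -ne 'NTFS')
    }

    # Emit one row per requirement so failures are easy to spot.
    $checks.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Requirement = $_.Key; Passed = [bool]$_.Value }
    } | Format-Table -AutoSize

    if ($checks.Values -contains $false) {
        Write-Warning "Image does not meet the template disk requirements: $VhdxPath"
    }
}
finally {
    # Always detach the image, even if a check throws.
    Dismount-VHD -Path $VhdxPath
}
```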