
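Question

Credential Guard


Badge +1
Can Credential Guard be enabled via GPO for 2016 servers running in AHV? Or is it only available for servers running on Hyper-V hosts?

This topic has been closed for comments

5 replies

I would like to learn about this too. I don't think AHV supports it. This is what I have found so far: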



https://docs.microsoft.com/en-us/windows/security/indesity-protection/credential-guard/credential-guard-requirentess



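Hardware and software requirements

To provide basic protections against OS-level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Windows Defender Credential Guard uses:


  • Support for virtualization-based security (required)
  • Secure Boot (required)
  • TPM 1.2 or 2.0, either discrete or firmware (preferred - provides binding to hardware)
  • UEFI lock (preferred - prevents an attacker from disabling it with a simple registry key change)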

https://portal.nutanix.com/#/page/docs/details?targetID=AHV-ADMIN-GUIDE-V51:VMM-VM-VM-VM-DRIVER-DRIVER-TYPES-R.HTML



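Unified Extensible Firmware Interface (UEFI) support for guest VMs

AHV does not support VMs created in UEFI mode.
That should have changed by now. Apparently you can set "uefi_boot = true". If it works, please share. I would also like to set up Credential Guard for AHV VMs.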



https://portal.nutanix.com/#/page/docs/details?targetId=amf_guide-acr_v4_6:vm__vm__vm_driver_types_r.html



"SSH into Nutanix Acropolis and run the following command: acli vm.update uefi_boot = true."

https://docs.citrix.com/en-us/provisioning/current-release/citrix-provisioning-1909.pdf
Badge +3

Does nobody have any feedback?

Apparently VMware supports this as well:

https://blogs.vmware.com/vsphere/2018/05/introducing-support-virtualization-security-credential-credential-guard-vsphere-6-7.html

So, is anyone using this on AHV?

UserLevel 6
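Badge +5

Hi Stevecharon and @sunilm

Support for Windows Defender Credential Guard is definitely coming. I can't disclose details right now. All I can say is: soon.

I would also like to encourage you to check the documentation most relevant to the version you are running.

UEFI guest VMs have been supported since 5.11. AHV Administration Guide 5.15: UEFI Support for VM.

What is the status of Credential Guard on Nutanix VMs? I have created a new VM with UEFI, Secure Boot and Credential Guard enabled, but I can't get it to work. Credential Guard is enabled by GPO, but it still won't run. When I look at Device Security it says "Standard hardware security not supported", and there is no compatible TPM in tpm.msc.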
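
For the situation in the last reply (Credential Guard enabled by GPO but not running), the following check compares what the policy configured with what the guest actually reports, against the requirements list quoted earlier in the thread. It is an added example, not part of the thread or of Nutanix documentation; it assumes an elevated PowerShell session inside the Windows guest and uses only the standard Windows `Win32_DeviceGuard` class, `Confirm-SecureBootUEFI`, `Get-Tpm` and the Device Guard policy registry key.

```powershell
# Added example: run from an elevated PowerShell session inside the Windows guest.
# Nothing here is Nutanix-specific; it only reads what Windows itself reports.
$dg = Get-CimInstance -ClassName Win32_DeviceGuard `
        -Namespace 'root\Microsoft\Windows\DeviceGuard'

# Confirm-SecureBootUEFI throws on legacy-BIOS guests, so treat an error as "off".
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

# TPM is "preferred", not "required", in the requirements list quoted in the thread.
$tpm = Get-Tpm -ErrorAction SilentlyContinue

# Values written by the Group Policy setting (absent if the GPO never applied).
$policy = Get-ItemProperty -ErrorAction SilentlyContinue `
            -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'

# CIM returns UInt32; cast to [int] below so the hashtable lookup matches its keys.
$vbsText = @{ 0 = 'not enabled'; 1 = 'enabled but not running'; 2 = 'enabled and running' }

$report = [pscustomobject]@{
    FirmwareSecureBootOn      = $secureBoot
    TpmPresent                = [bool]$tpm.TpmPresent
    GpoLsaCfgFlags            = $policy.LsaCfgFlags   # 1 = with UEFI lock, 2 = without lock
    HypervisorSupportSeen     = $dg.AvailableSecurityProperties -contains 1
    SecureBootSeenByVbs       = $dg.AvailableSecurityProperties -contains 2
    VbsStatus                 = $vbsText[[int]$dg.VirtualizationBasedSecurityStatus]
    CredentialGuardConfigured = $dg.SecurityServicesConfigured -contains 1
    CredentialGuardRunning    = $dg.SecurityServicesRunning -contains 1
}
$report | Format-List

# Configured-but-not-running means a required prerequisite is missing in the guest.
if ($report.CredentialGuardConfigured -and -not $report.CredentialGuardRunning) {
    if (-not $report.HypervisorSupportSeen) {
        Write-Warning 'Virtualization-based security support (required) is not exposed to this VM.'
    }
    if (-not $report.SecureBootSeenByVbs) {
        Write-Warning 'Secure Boot (required) is not available to virtualization-based security.'
    }
    if (-not $report.TpmPresent) {
        Write-Warning 'No TPM present (preferred, not required): no hardware binding.'
    }
}
```

A result of `CredentialGuardConfigured = True` with `CredentialGuardRunning = False` confirms the policy reached the guest and points at the virtual hardware, not the GPO.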
