Virtualization Based Security (VBS) with vSphere 6.7

Discussion in 'VMware, VirtualBox, Citrix' started by BSDguy, Oct 20, 2018.

  1. BSDguy

    BSDguy Member

    Joined:
    Sep 22, 2014
    Messages:
    167
    Likes Received:
    7
    I've just upgraded to vSphere 6.7 Update 1 and one of the first things I wanted to start experimenting with is Virtualization Based Security (VBS) in my VMs. I have a Win2016 and Win2019 VM I have installed with hardware version 14 and VMware Tools 10338. Windows is patched with October 2018's updates.

    I've read a few articles on enabling VBS but there are some discrepencies so I wanted to list the steps I followed to see if I am installing/configuring VBS correctly:

    1. Shut down VM and tick the "Enable" box next to Virtualization Based Security under VM options
    2. Power VM on
    3. In VM open gpedit.msc and browse to:


    Computer Configuration > Administrative Templates > System > Device Guard > Turn On Virtualization Based Security - Set to Enable and configure options as follows:

    Select Platform Security level : Secure Boot and DMA Protection
    Virtualization Based Protection of Code Integrity : Enabled with UEFI lock
    Credential Guard Configuration : Enabled with UEFI lock

    4. Reboot server

    5. This is where I am confused. Some articles say you have to enable/install the Hyper-V feature and reboot (others don't mention enabling Hyper-V). On my one test VM I haven't installed Hyper-V yet but after completing up to step 4. above VBS appears to be working/running:



    [​IMG]



    So my questions are, do I need to install/enable Hyper-V for VBS to work? On my second test VM I did install the Hyper-V feature and VBS looked identical to the screenshot above that shows VBS running.

    So I'm confused, do I need to install/enable Hyper-V or can I just follow the first 4 steps above to get VBS installed and working correctly?

    My goal is to enable VBS on all my VMs.
     
    #1
  2. ecosse

    ecosse Active Member

    Joined:
    Jul 2, 2013
    Messages:
    293
    Likes Received:
    41
    Interesting - I need to look at this! According to Enable Virtualization-based Security on the Guest Operating System you only need Hyper-V if your Windows 10 release is less than Redstone 4. Does this help?
     
    #2
  3. BSDguy

    BSDguy Member

    Joined:
    Sep 22, 2014
    Messages:
    167
    Likes Received:
    7
    Yeah it does, thanks. I've enabled VBS in all my VMs so will be interesting to see how this goes.

    Can VBS be enabled/installed in Core edition of Windows 2016/2019?
     
    #3
Similar Threads: Virtualization Based
Forum Title Date
VMware, VirtualBox, Citrix ESXI 6.7 GPU PassThrough and "Expose hardware assisted virtualization to the guest OS" not working. May 22, 2018
VMware, VirtualBox, Citrix virtualization on Quanta WindMill newbie questions Dec 10, 2017
VMware, VirtualBox, Citrix Passthrough storage for virtualization? Aug 14, 2016
VMware, VirtualBox, Citrix Home Virtualization Storage / Trying out different hypervisors Sep 3, 2015
VMware, VirtualBox, Citrix Ramdisk virtualization madness. [Debian/KVM/VGA passthrough] Jul 4, 2014

Share This Page