Securing Hyper-V with the Virtual Machine Generation Identifier

Q: What is the goal of the new Virtual Machine Generation Identifier that Microsoft introduced for uniquely identifying Virtual Machines in Windows Server 2012 Hyper-V? Does it serve any security goal?

A: The Virtual Machine Generation Identifier (VM Generation ID) is a cryptographically random identifier that changes every time a Hyper-V virtual machine (VM) executes from a different configuration file – for example, when the VM runs from a recovered snapshot, or after it has been restored from a backup image. Because the identifier changes, cryptographic and synchronization software running inside a VM can detect that the VM has been restored or recovered and continue to work correctly.

The VM Generation ID helps assure that random data generated inside a recovered or restored VM has a sufficient level of entropy: because the identifier changes on recovery or restore, software inside the VM can tell that its random state dates from before the restore and must be refreshed, so the random data it generates afterwards is reliable and can be used by security applications.
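The following Python model, added here as an illustration and not taken from the page or from Microsoft, shows why the entropy point matters: a guest RNG whose state is captured in a snapshot emits identical "random" bytes in every VM restored from that snapshot, unless it compares the VM Generation ID it cached against the one the hypervisor currently exposes and reseeds on a mismatch. The `read_generation_id` hook and the `Host` class are hypothetical stand-ins for the guest's ACPI read and for the hypervisor.

```python
import hashlib
import secrets


class GenerationAwareDrbg:
    """Toy hash-based DRBG that compares the VM Generation ID to its cached value before output."""

    def __init__(self, read_generation_id, state, counter=0, generation_id=None):
        # read_generation_id is a hypothetical hook for the guest's read of the hypervisor-exposed ID.
        self.read_generation_id = read_generation_id
        self.state = state
        self.counter = counter
        self.generation_id = generation_id or read_generation_id()

    def memory_image(self):
        # What a snapshot or backup captures: the guest's RNG state, verbatim.
        return {"state": self.state, "counter": self.counter, "generation_id": self.generation_id}

    def random_bytes(self, n):
        current = self.read_generation_id()
        if current != self.generation_id:
            # ID changed: this VM runs from a restored, rolled-back or cloned image, so fold
            # the new ID and fresh entropy into the state instead of continuing from stale state.
            self.state = hashlib.sha256(self.state + current + secrets.token_bytes(32)).digest()
            self.generation_id = current
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hashlib.sha256(self.state + self.counter.to_bytes(8, "big")).digest()
        return out[:n]


class Host:
    """Constructed model of the hypervisor; optionally assigns a new ID on each restore."""

    def __init__(self, provides_generation_id):
        self.provides_generation_id = provides_generation_id
        self.generation_id = secrets.token_bytes(16)

    def restore(self, image):
        if self.provides_generation_id:
            self.generation_id = secrets.token_bytes(16)
        return GenerationAwareDrbg(lambda: self.generation_id, **image)


def restored_twins_collide(provides_generation_id):
    """Restore one snapshot twice; True if both guests then emit identical 'random' bytes."""
    host = Host(provides_generation_id)
    guest = GenerationAwareDrbg(lambda: host.generation_id, state=secrets.token_bytes(32))
    guest.random_bytes(16)  # some use before the snapshot is taken
    snapshot = guest.memory_image()
    return host.restore(snapshot).random_bytes(32) == host.restore(snapshot).random_bytes(32)
```

`restored_twins_collide(False)` models a hypervisor without the identifier and returns True (both restored guests produce the same bytes); `restored_twins_collide(True)` returns False because each restore triggers a reseed.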

The VM Generation ID is also essential for replication mechanisms such as Active Directory replication to work correctly between physical and virtual operating system instances, some of which may have been recovered or restored.

A detailed overview of the Virtual Machine Generation Identifier is provided in the Microsoft white paper you can download from this URL: https://www.microsoft.com/en-us/download/details.aspx?id=30707.
