Small businesses, branch offices,  and home offices usually have less stringent physical security than enterprise datacenters and IT facilities.  If you have Hyper-V servers in these scenarios you should use the BitLocker Drive Encryption feature in Windows Server 2008. Use BitLocker on all volumes that house VM files (this includes the VMs, VHD, configuration files, snapshots, and any VM resource, such as ISOs and VFDs.

BitLocker works with features in server hardware and firmware to provide secure operating system boot and disk drive encryption, even when the server is not powered or operating. This helps protect data if a disk is stolen and mounted on another machine for data mining. BitLocker also protects data if an attacker uses a different operating system or runs a software hacking tool to access a disk.

For more information on how to configure Bitlocker to protect your Hyper-V server and the VMs on it, see Windows Server 2008 Hyper-V and BitLocker Drive Encryption.

See also “Windows BitLocker Drive Encryption Frequently Asked Questions,”  “Windows BitLocker Drive Encryption Design and Deployment Guides,” and”Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information.”

NOTE: Use BitLocker on  the Hyper-V in the parent partition. Do not run BitLocker within a virtual machine. BitLocker is NOT SUPPORTED within a virtual machine.

BitLocker supports four different authentication modes including one for servers that don’t include a Trusted Platform Module (TPM). For more information see “BitLocker Drive Encryption Technical Overview.”

NOTE: Any configurations and VHDs that are created and stored on a BitLocker-encrypted physical disk volume receive BitLocker protection, regardless of the operating systems that are running on those virtual machines. This means supported non-Windows and legacy Microsoft operating systems benefit from the same BitLocker protection when they run as guest operating systems of Windows Server 2008 Hyper-V.

Deployment is pretty straightforward:

1. Install Windows Server 2008.

2. Install the Hyper-V role and the BitLocker feature.

3. Configure the system volume for BitLocker.

4. Turn on BitLocker and encrypt the operating system and data volumes.

5. Create new virtual machines.

6. Consolidate and deploy workloads onto the Hyper-V server.

If there is a problem, you may need the BitLocker Repair Tool. This tool helps access data encrypted with BitLocker if the hard disk has been physically damaged. This tool attempts to reconstruct critical data from the drive and salvage any recoverable data.
To decrypt the data, a recovery password or recovery key is required. In some cases, a backup of the key package is also required.
Use this command-line tool if the following conditions are true:

• A volume has been encrypted by using BitLocker Drive Encryption.
• Windows does not start, or you cannot start the BitLocker recovery console.
• You do not have a copy of the data that is contained on the encrypted volume.

Hopefully, you will never need the BitLocker Active Directory Recovery Password Viewer, extension for the Active Directory Users and Computers MMC snap-in which lets you locate and view BitLocker recovery passwords that are stored in AD DS. You can use this tool to help recover data that is stored on a volume that has been encrypted by using BitLocker. After you install this tool, you can examine a computer object's Properties dialog box to view the corresponding BitLocker recovery passwords. Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest. 

NOTE: To view recovery passwords, you must be a domain administrator, or you must have been delegated permissions by a domain administrator.

The Windows Server Catalog shows an up to date list of all successfully Hyper-V tested systems.  For older server systems, newer ones not o n the catalog yet, or non-server systems you can use the following tools to check if your system process supports Hyper-V:

The AMD tool is here
The Intel tool is here

One screen of the Intel tool looks likes this (emphasis added):

Hyper-V requires both hardware assisted virtualization (HAV) and data execution prevention (AMD NX/Intel XD) enabled in the BIOS.

First have a listen to this 8 minute podcast with Senior Hyper-V Dev Lead Brandon baker on Virtualization Security Best Practices. Then, you’ll want to read up on Authorization Manager (AzMan). Here are some resources to get you started:

• AzMan Videos : http://blogs.msdn.com/azman/archive/2007/03/08/azman-videos.aspx
• AzMan Blog : http://blogs.msdn.com/azman/
• Role-Based Access Control for Multi-tier Applications Using Authorization Manager White P... : In the Windows Server 2003 family, Authorization Manager introduces a new model for application authorization on the Windows platform. AzMan gives applications a role-based access control framework that provides manageable administration and natural development for Web-based or line-of-business applications. http://technet2.microsoft.com/WindowsServer/en/library/72b55950-86cc-4c7f-8fbf-3063276cd0b61033.mspx
• Checklist: Before You Start Using Authorization Manager : http://technet2.microsoft.com/WindowsServer2008/en/library/d7145ff2-d560-498d-89e0-a10359799da51033.mspx
• Authorization Manager (TechNet Library) : http://technet2.microsoft.com/WindowsServer/en/library/1b4de9c6-4df9-4b5a-83e9-fb8d497723781033.mspx
• Authorization Manager How To... : All about how to use AzMan for role-based access control (RBAC). http://technet2.microsoft.com/WindowsServer/en/library/5501dc8c-639e-4f07-ac1a-3df3161b73331033.mspx
• How to install and administer the Authorization Manager in Windows Server 2003 : http://support.microsoft.com/kb/324470
• How to Manage AzMan Groups, Roles, and Tasks : http://technet2.microsoft.com/WindowsServer2008/en/library/1faebced-b2b3-4772-a8df-2d2f7b5e177b1033.mspx
• How to Manage Authorization Stores : http://technet2.microsoft.com/WindowsServer2008/en/library/63c53320-fbcd-42b3-ae6d-0a89d8228c621033.mspx
• Troubleshooting Authorization Manager : http://technet2.microsoft.com/WindowsServer2008/en/library/5187d0f6-0e81-4128-a1a7-509444c778901033.mspx
• How to Use and Manage the Authorization Manager Snap-In : http://technet2.microsoft.com/WindowsServer2008/en/library/9bd3ff29-71de-466c-a0b9-30b225c1358e1033.mspx
• Role-based Access Control (RBAC) (MSDN Lib) : http://msdn.microsoft.com/en-us/library/aa379318(VS.85).aspx
• Authorization Manager Model (MSDN Lib) : http://msdn.microsoft.com/en-us/library/aa375758(VS.85).aspx
• Authorization Manager auditing :http://technet2.microsoft.com/WindowsServer/en/library/9f55d5c2-2f65-4abb-b1f3-3a13ad74ec681033.mspx
• Scopes in Authorization Manager :http://technet2.microsoft.com/WindowsServer/en/library/e5132d81-ba4f-4699-a2a5-6ceb5a050ef51033.mspx
• Role-Based Access Control for Multi-tier Applications Using Authorization Manager : http://technet2.microsoft.com/WindowsServer/en/library/72b55950-86cc-4c7f-8fbf-3063276cd0b61033.mspx?mfr=true
• AzMan developer whitepaper : 100 page whitepaper at: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetserv/html/AzManApps.asp
• Programming AzMan Video : http://channel9.msdn.com/ShowPost.aspx?PostID=289435
• Getting Started with AzMan Video : http://channel9.msdn.com/Showpost.aspx?postid=289062
• AzMan Feature Demo Video : AzMan on Windows Server Code Name “Longhorn” and Windows Vista.” In this screencast Keith highlights the new features for AzMan that are present in “Longhorn” and Windows Vista at: http://channel9.msdn.com/Showpost.aspx?postid=298350
• http://blogs.msdn.com/azman/archive/2007/04/05/vista-features-demo.aspx

Here are some resources for IT Pros on Windows Server 2008, compiled using the Social Bookmarking Preview on TechNet:

Windows Server 2008 Component Posters

Windows Server 2008 Component Posters, originally printed in the July 2007 issue of TechNet Magazine.

Windows Server 2008 TechCenter

IT Pro resources for Windows Server 2008. Windows Server 2008 Technical Library

Windows Server Community

Windows Server Community resources page.

Windows Server 2008 Step-by-Step Guides

These step-by-step guides help IT Professionals learn about, evaluate and deploy Windows Server 2008. 

Windows Server 2008 Security Guide

This Solution Accelerator helps organizations efficiently create, deploy, and maintain a secure environment for a variety of servers running Windows Server® 2008. 

Group Policy Settings Reference for Windows Server 2008

This spreadsheet lists the policy settings for computer and user configurations included in the Administrative template files (.admx/.adml) delivered with Windows Server 2008 and Windows Vista Service Pack 1 (SP1).

BitLocker Active Directory Recovery Password Viewer

The Bitlocker Active Directory Recovery Password Viewer helps to locate BitLocker Drive Encryption recovery passwords for Windows Vista- or Windows Server 2008- based computers in Active Directory Domain Services (AD DS).

Microsoft Deployment Toolkit 2008

Microsoft Deployment Toolkit 2008 is the next version of Business Desktop Deployment (BDD) 2007. It is the recommended process and toolset to automate desktop and server deployment. This release includes updates to support Windows Vista SP1 and Windows Server 2008 in addition to previously supported platforms.

Server Core Demo

3 minute Keith Combs Server Core Role Installation video.

 Deploying Windows Server 2008

Deployment QnA with links to deployment resources.

 Hyper-V Technical Library content.

Includes Relnotes, Step-by-Step Guides, blogs and links to the Solution Accelerators.

 Microsoft Remote Server Administration Tools (RSAT)

Microsoft Remote Server Administration Tools (RSAT) enable IT administrators to remotely manage roles and features in Windows Server 2008 from a computer running Windows Vista with SP1. You can also download

 Downloads & Pre-requisites for the Hyper-V Management tools for Vista SP1

Ben Armstrong's blog post details links to downloads and pre-requisites for the Hyper-V Management tools for Vista SP1

 Windows Server 2008 Enterprise Evaluation Software download

This software is for evaluation and testing purposes. Evaluating Windows Server® 2008 software does not require product activation or entering a product key. Any edition of Windows Server 2008 may be installed without activation and evaluated for an initial 60 days.

Failover Cluster Step-by-Step Guide: Configuring a Two-Node File Server Failover Cluster

Describes the steps for installing and configuring a file server failover cluster that has two nodes. By creating the configuration in this guide, you can learn about failover clusters and familiarize yourself with the Failover Cluster Management snap-in interface in Windows Server 2008 Enterprise or Windows Server 2008 Datacenter.

Step-by-Step Guide for Testing Hyper-V and Failover Clustering

Shows you how to test using Hyper-V and Failover Clustering together to make a virtual machine highly available.

How to Enable Remote Administration of Server Core via MMC using NETSH

Windows Server 2008 Core introduces some challenges in administering servers without an explorer shell. Here are some netsh commands that will help you administer your Server Core installation remotely through MMC snap-ins.

Sysinternals Suite

The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files.

Process Explorer v11.20

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

Design and Implementation for Active Directory Datasheet

The Microsoft Services Design and Implementation for Active Directory offering enables organizations to deploy and optimize Windows Server 2008 Active Directory directory services in the most effective way possible by implementing consistent, reproducible processes and configurations that improve efficiency and require less effort to maintain.

Microsoft IPsec Diagnostic Tool

Microsoft IPsec Diagnostic Tool assists Network administrators with troubleshooting network related failures, focusing primarily on IPsec. It is applicable on Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Volume Activation 2.0 Technical Guidance

Technical documentation for planning, deployment, and operations of Volume Activation 2.0 for Windows Vista and Windows Server 2008. Includes the Volume Activation 2.0 Overview Guide, Planning Guide, Deployment Guide, Operations Guide, Resources, FAQ and Technical Attributes.

Windows SDK for Windows Server 2008 and .NET Framework version 3.5

The Windows SDK for Windows Server 2008 and .NET Framework 3.5 provides documentation, samples, header files, libraries, and tools designed to help you develop Windows applications using both native (Win32) and managed (.NET Framework) technologies.

 Microsoft Baseline Security Analyzer 2.1 (for IT Professionals)

The Microsoft Baseline Security Analyzer provides a streamlined method of identifying common security misconfigurations.

Server Core Blog

http://blogs.technet.com/server_core/default.aspx

This is a lowperv (low perversion)/high information blog post. That’s a joke people. The Social Bookmarking Preview on TechNet and MSDN does not support a hyphen in a tag, the tag comes out “hyperv”. Get it? High perversion = hyperv, low perversion = unnh, never mind…

You’ll be seeing many more resources to help you use Hyper-V after the final bits release. In the meantime, here are some resources to help you get ready, add these to the Hyper-V Security Getting Started Guide and Windows Server 2008 Resources

MICROSOFT ASSESSMENT & PLANNING TOOLKIT 3.1 Beta Bits : Help for sizing your Hyper-V servers and identifying virtualization candidates based on your actual usage data. https://connect.microsoft.com/InvitationUse.aspx?ProgramID=2307&InvitationID=MP31-GT76-X98X&SiteID=297

Hyper-V FAQ : http://www.microsoft.com/windowsserver2008/en/us/hyperv-faq.aspx

Virtualization TechCenter : http://technet.microsoft.com/en-us/virtualization/default.aspx

How to Install Windows Server 2008 Hyper-V RC : http://www.microsoft.com/windowsserver2008/en/us/hyperv-install.aspx

Windows Server 2008 Hyper-V Performance Tuning Guide : http://www.microsoft.com/whdc/system/sysperf/Perf_tun_srv.mspx

MSDN & TechNet Powered by Hyper-V Whitepaper : http://download.microsoft.com/download/6/C/5/6C559B56-8556-4097-8C81-2D4E762CD48E/MSCOM_Virtualizes_MSDN_TechNet_on_Hyper-V.docx

Momentum Webcast: Virtualization Capabilities of Windows Server 2008 (Level 100) : http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032368894&CountryCode=US

Momentum Webcast: Are You Ready for Virtualization? (Level 200) : http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032372420&CountryCode=US

Hyper-V Test Lead's Blog : http://blogs.msdn.com/taylorb/ great source of scripts!

Hyper-V performance guru blog : http://blogs.msdn.com/tvoellm/archive/tags/Hyper-V/default.aspx

Virtualization Blog : http://blogs.technet.com/virtualization/default.aspx

Virtual PC Guys; Blog : another great source for scripts! http://blogs.msdn.com/Virtual_PC_Guy/

Hyper-V Sr PM Blog : http://blogs.technet.com/jhoward/

Hyper-V MCS Guy Blog : http://blogs.technet.com/roblarson/

Zarb and Bennett Virtualization Blog : http://blogs.technet.com/virtualworld/

Windows Server Division WebLog : http://blogs.technet.com/windowsserver/

Microsoft Assessment and Planning Team Blog : http://blogs.technet.com/mapblog/

Server and Tools Business News Bytes blog : http://blogs.technet.com/stbnewsbytes/

What else…? Leave comments and I’ll update this list and the Social Bookmark version.

 

The final list of supported operating systems for VMs under Hyper-V RTM is now documented in KB954958.

Server:

Supported server operating systems

• Windows Server 2008, x64-based editions

Note Virtual machines are configured to use one, two, or four virtual processors.

• Windows Server 2008 Standard
• Windows Server 2008 Enterprise
• Windows Server 2008 Datacenter
• Windows HPC Server 2008
• Windows Web Server 2008
• Windows Server 2008 Standard without Hyper-V
• Windows Server 2008 Enterprise without Hyper-V
• Windows Server 2008 Datacenter without Hyper-V

Windows Server 2008, x86-based editions

Note Virtual machines are configured to use one, two, or four virtual processors.

• Windows Server 2008 Standard (x86 Edition)
• Windows Server 2008 Enterprise (x86 Edition)
• Windows Server 2008 Datacenter (x86 Edition)
• Windows Web Server 2008 (x86 Edition)
• Windows Server 2008 Standard without Hyper-V (x86 Edition)
• Windows Server 2008 Enterprise without Hyper-V (x86 Edition)
• Windows Server 2008 Datacenter without Hyper-V (x86 Edition)

Windows Server 2003, x86-based editions

Note Virtual machines are configured to use one or two virtual processors.

• Windows Server 2003 R2 Standard x86 Edition with Service Pack 2
• Windows Server 2003 R2 Enterprise x86 Edition with Service Pack 2
• Windows Server 2003 R2 Datacenter x86 Edition with Service Pack 2
• Windows Server 2003 Standard x86 Edition with Service Pack 2
• Windows Server 2003 Enterprise x86 Edition with Service Pack 2
• Windows Server 2003 Datacenter x86 Edition with Service Pack 2
• Windows Server 2003 Web Edition with Service Pack 2

Windows Server 2003, x64-based editions

Note Virtual machines are configured to use one or two virtual processors.

• Windows Server 2003 R2 Standard x64 Edition with Service Pack 2
• Windows Server 2003 R2 Enterprise x64 Edition with Service Pack 2
• Windows Server 2003 R2 Datacenter x64 Edition with Service Pack 2
• Windows Server 2003 Standard x64 Edition with Service Pack 2
• Windows Server 2003 Enterprise x64 Edition with Service Pack 2
• Windows Server 2003 Datacenter x64 Edition with Service Pack 2

Microsoft Windows 2000 Server

Note Virtual machines are configured to use one virtual processor.

• Windows 2000 Server with Service Pack 4
• Windows 2000 Advanced Server with Service Pack 4

Linux distributions

Note Virtual machines are configured to use one virtual processor.

• SUSE Linux Enterprise Server 10 with Service Pack 2 x86 Edition
• SUSE Linux Enterprise Server 10 with Service Pack 2 x64 Edition
• SUSE Linux Enterprise Server 10 with Service Pack 1 x86 Edition
• SUSE Linux Enterprise Server 10 with Service Pack 1 x64 Edition

You’ve already heard that Hyper-V was running MSDN and TechNet in production, before it was released. The Windows Server Division Weblog reveals today that the biggest website on the planet, Microsoft.com is Powered by Hyper-V.

The scale here is BIG

· Over 1.2 billion page views PER MONTH

· Over 280 million worldwide unique users PER MONTH

In the time it takes to type Microsoft Hyper-V into Live search, about 30K requests just hit www.microsoft.com.

BTW, Hyper-V RTM bits are available, starting today: Windows Server 2008 Hyper-V is available for download.

IT Showcase (my old group) documents how Microsoft IT runs Microsoft using Microsoft products. They’ve just released a technical white detailing the IT deployment of Forefront Client Security solution to on 40,000 corpet PCs. Check out Deploying Microsoft Forefront Client Security at Microsoft:

Technical White Paper | PowerPoint Presentation | IT Pro Webcast

There is a new TechNet Edge video on the first SuperFlow. 

Listen to the short (7.5 min) podcast about an innovative new way to deliver content to IT Pros: the Superflow. The first Superflow is the System Center Configuration Manager 2007 Software Updates Synchronization SuperFlow.

Splogbane: If you are reading this on a blog other than http://blogs.technet.com/tonyso, why not stop patronizing a splog and come over to the original?

Wikipedia says "Flow is the mental state of operation in which the person is fully immersed in what he or she is doing, characterized by a feeling of energized focus, full involvement, and success in the process of the activity".

What is a SuperFlow?
The SuperFlow is a new content model that takes a technical flowchart or process workflow to the next level by providing the following:

Interactive Flowchart
The SuperFlow interactive flowchart provides:
•   General and in-depth technical information about each step in the process.
•   Procedures to accomplish relevant tasks, sample status messages, sample log file entries, troubleshooting information, and more!

Animation
The SuperFlow animation provides:
•   A visual representation for the steps in the SuperFlow process.
•   A detailed description for each step in the SuperFlow process.

Resources
The SuperFlow resources page provides:
• Links to internal resources such as the detailed dataflow for the process, sample log entries for the end-to-end process, verification checklists, etc.
• Links to external Web resources that provide more information about the product and SuperFlow process.

NOW is your chance to influence how Microsoft delivers content to you. From any section of the SuperFlow, there is a feedback link available and I encourage everyone to use the link and tell us what you think.

Or, leave comments here. The more feedback we get, the stronger case we can make for innovative ways to deliver content to you.

The Microsoft Assessment and Planning Toolkit has been updated, and now includes: