I think I'm getting lost in this :)
If I understand correctly, the question is: Can the HGS role be installed on virtual hardware, or does it have to be on a physical server?
https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-prepare-for-hgs
Yes, it can, but it is not recommended.
HGS can be run on physical or virtual machines, but physical machines are recommended.
If you want to run HGS as a three-node physical cluster (for availability), you must have three physical servers. (As a best practice for clustering, the three servers should have very similar hardware.)
It seems to me that you are building a Baron Munchausen, who pulls himself out of the swamp by his own hair :)
The solution is meant to protect shielded VMs from unauthorized startup and access. And one of the components of the whole solution is the Host Guardian Service. Let's imagine I'm powering the whole thing on: how do I start a shielded VM with the HGS role on a guarded host when key verification is not running - in other words, when the HGS role is not running? HGS in a VM would have to run outside the whole HGS platform - on a different, non-guarded Hyper-V. Or maybe I haven't understood what is being solved :)
Simply do things according to the recommendations, otherwise in a few weeks we'll be here dealing with something that doesn't work :)