none
HGS Requirements

All replies

  • Hello,

    If you look at this step you will have the information

    https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-configure-dns-forwarding-and-trust

    Based on the command netdom trust it seems that HGS domain should trust the fabric domain

    Best Regards,

    Thursday, July 12, 2018 4:50 PM
  • Hello Dokoh,

    First of all, when I read some documentation describing some feature/technology I expect to see the full explanation, not the one that makes me start looking for another piece of documentation somewhere on the technet.

    Regarding the article you mentioned: I've already read it and also concluded that HGS domain should trust Fabric domain. Moreover, I've deployed guarded fabric in my own test network in that way and it works perfect. And that is why I'm asking that question - because in all MS 70-744 exam questions Fabric domain(s) trust(s) HGS domain(s), not vice versa!!! Should I conclude that people who was making the exam questions didn't read the article you posted above?

    Regards,
    Michael


    • Edited by MF47 Friday, July 13, 2018 7:21 AM
    Friday, July 13, 2018 7:03 AM
  • Hello Michael,

    Your question is a semantic question and regarding that that's why I looked at the implementation plan to be sure that I was understanding well your question.

    Looking around on MVP blogs like the one below and comparing it to the schema in the article below it really seems that HGS domain should trust Fabric domain and not the reverse because they need to prove their identities to the HGS which don't have the information regarding the identities in the HGS domain.

    https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-deployment-overview

    https://blogs.msmvps.com/acefekay/2016/11/02/active-directory-trusts/

    The article below express the same and it is from Microsoft "In this example, two external trust relationships exist between domains in the Windows Server 2003 forest and the Windows 2000 forest. The direction of the one-way external trust arrow indicates that the sales.corp.worldwideimporters.com domain trusts the rome.europe.corp.tailspintoys.com domain, which means that users in the rome.europe.corp.tailspintoys.com domain can access resources in the sales.corp.worldwideimporters.com domain."

    https://technet.microsoft.com/pt-pt/library/cc773178(v=ws.10).aspx

    So maybe it's the MVP blog, docs or technet which are wrong and the MS 70-744 which are right

    Best Regards,

    Friday, July 13, 2018 3:50 PM