We are inviting you to join us on this development journey. Our goal is to build a simple solution for customers to deploy PAW, which offers a good user experience and does not require dedicated resources for ongoing operational management. I also created user voice links. If you'd like to see this offered by Microsoft, please vote here:
I have published guidelines on how to deploy PAW on-prem guide, see links below)
(Note: update 2018/04, the PAW TAP program has been closed for now. For evaluation, you can create a single node HGS server, with self-signed certificates. If you want to deploy the Host Guardian Server on-premises, you can follow this deployment
One key backend service to support the PAW device is the HGS server. The PAW VM will be dedicated for secure workload, which can be locked down, such as network access, application whitelisting, etc. The desktop VM will handle user daily productivity workload, such as email, internet access
Compared to the current PAW solutions that use separate physical machines running different workloads, this design is less costly and has better usability. The design of the PAW host is locked down to run the minimum set of binaries while moving all functionality into the virtual machines running on that host. The shielded VM was first introduced in Windows Server 2016 to protect virtual machines running sensitive workload, and is now made available in Windows client to run the PAW VMs. If you would like to learn about the benefit of shielded VM, you can find more details
This feature supports the physical device performing remote health attestation against a Host Guardian Server (HGS) and running shielded VMs. The PAW device is running the Windrelease, which has a new feature "Guarded host". This blog is the first one in the series, aiming at providing an overview of the PAW solution.
Below is a high-level topology view of the deployment:
Meanwhile, I'm planning to write a series of blog posts that explain the details of the new PAW solution, from the host configuration to the template we are building.
In the past few months, we have enrolled many customers to evaluate the solution, and gained valuable insight. It motivated us to speed up the development, so that we can offer a proof of concept. The response was overwhelming; many customers came to visit us at the Expo during the conference, and signed up to evaluate the solution. A week before the conference, we decided to share our early design based on the Windrelease, so that we can gauge the interest from our customers about this solution, and make a decision as to whether we should build a backend service to support the solution. Originally we were planning to just talk about the concept of PAW and how it is deployed in Microsoft.
First published on TECHNET on Oct 13, 2017
At Ignite conference last month, Dean and I presented a