Regardless of the Hyper-V features you want to use, you'll need: 1. Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016. Windows Server 2019 Datacenter is the newest version of the highly virtualized software built for private and hybrid cloud environments. Microsoft already has a great drive-encryption technology, called BitLocker. A previous limitation of Server 2016 Shielded VMs was that HGS needed to be contacted every time any guarded host wanted to spin up any shielded VM. The following topics describe how a tenant can work with shielded VMs. The only different thing is if you are planning to run Shielded Virtual Machines, then you will need newer hardware because, before server 2019… Let’s take a minute to detail the different modes that can be used between your guarded hosts and your HGS. One of the most important goals of providing a hosted environment is to guarantee the security of the virtual machines running in the environment. However, that would probably throw a flag somewhere and the tenant would just spin up a new web server, or restore it from a backup. It is their job to host your VMs. 
Keep in mind that the idea of shielded VMs is quite a bit more important when you think in the context of servers being hosted in the cloud where you don’t have any access to the backend, or hosted by some other division inside your company, such as inside a private cloud. When your entire VHD file is protected and encrypted with BitLocker, nobody is going to be able to gain backdoor access to that drive. HGS is a service that runs on a server, or more commonly a cluster of three servers, and handles the attestation of guarded hosts. HGS is critical to making a guarded fabric work. Discover and address security breaches with assistance from the integrated Windows Defender Advanced Threat Protection. This can be helpful if HGS is offline (although HGS being completely offline probably means that you have big problems), but HGS cache has a more valid use case in branch-office scenarios where a guarded host might have poor network connection to HGS. While this in itself isn’t as big a deal as drive encryption, it’s still important enough to point out. More than likely, this would leave them staring at a login screen that they, hopefully, would not be able to breach. What if you need to use the Hyper-V Console to figure out why a VM won’t boot or something like that? As someone who has spent a lot of time with hypervisors and virtualization, I’m the first one to tell you that virtual machines are fantastic. You also wouldn’t want any other tenants who might have VMs running on the same cloud host to be able to see your servers in any way. Sounds pretty good so far, right? I am a rogue cloud-host employee, and I decide that I’m going to do some damage before I walk out the door. So much so that you could, in fact, lock yourself out from being able to troubleshoot issues on that server. 
They will host VMs like any other Hyper-V Server, but they are specially crafted and configured to host these encrypted shielded VMs, and to attest their own health as part of this overall security strategy. As a cloud service provider or enterprise private cloud administrator, you can use a guarded fabric to provide a more secure environment for VMs. The main purpose of this security feature is to ensure protection of Generation 2 Hyper-V VMs against unauthorized access. Windows Admin Center comes at no additional cost beyond Windows and is ready to use in production. You can install Windows Admin Center on Windows Server 2019 as well as Windows 10 and earlier versions of Windows and Windows Server, and use it to manage servers and clusters running Windows Server 2008 R2 and later. For more info, see Windows Admin Center. 
In order for the BitLocker encryption to work properly, the VM is injected with a virtual Trusted Platform Module (TPM) chip. So even better than breaking the VM, I’m going to leave it running and then change the content of the website itself. If you are configuring new Hyper-V Servers, make sure they contain TPM 2.0 chips so that you can utilize these features. This same mentality holds true in private clouds as well. Windows Server 2019 also includes the ability to encrypt network segments. Basically, you created an Active Directory (AD) security group, added your guarded hosts into that group, and then HGS considered any host that was part of that group to be guarded and approved to run shielded VMs. There are two different modes that guarded hosts can use in order to pass attestation with HGS. Does this hardcore blocking have the potential to cause you problems when you are trying to legitimately troubleshoot a VM? To install the Hyper-V virtualization components such as Windows hypervisor, the processor must have SLAT. 
If someone has access to the Hyper-V host server and opens up Hyper-V Manager, they will generally have the ability to use the Connect function on the tenant VMs in order to view whatever was currently on the console. Now, let’s pretend that I am a cloud-hosting provider, and that WEB3 is a web server that belongs to one of my tenants. There are a couple of important pieces in this puzzle that you need to be aware of if you are interested in running shielded VMs. First, I log into the Hyper-V Server (remember, this is owned by me since I am the host), and browse to the location of the VHD file that WEB3 is using. As is often the case with everything in the IT world, we are trading usability for security. When your guarded host servers are equipped with TPM 2.0 chips, this opens the door to do some incredibly powerful host attestation. In Windows Server 2016 Hyper-V, Microsoft introduced the concept of a shielded VM for Windows OS based virtual machines. However, it's not required to install Hyper-V management tools like Virtual Machine Connection (VMConnect), Hyper-V Manager, and the Hyper-V cmdlets for Windows PowerShell. Guarded hosts must be running Server 2016 Datacenter or Server 2019 Datacenter, and generally you want them to boot using UEFI, and to contain a TPM 2.0 chip. 
This can become problematic if HGS is unavailable for some temporary reason. If HGS goes down, none of your shielded VMs will be able to start! All I need to do is tap into that VHD file, modify the website, and I can make the website display whatever information I want. First of all, Windows Server 2019 can provide shielded … We will learn about those modes in the next section of this chapter. I also want to point out a capability related to HGS that is brand new in Windows Server 2019: HGS cache. It sounds simple, but there are some decent requirements for making this happen. Shielded VMs are Hyper-V VMs that have BitLocker drive encryption enabled. 
Shielded VMs, or Shielded Virtual Machines, are a security feature introduced in Windows Server 2016 for protecting Hyper-V Generation 2 virtual machines (VMs) from unauthorized access or tampering. Hyper-V Shielded VMs are protected through a combination of Secure Boot, BitLocker encryption, Virtual … If you run mixed-OS environments, Windows Server 2019 now supports running Ubuntu, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server inside shielded virtual machines. If TPMs aren’t your thing or are beyond your hardware abilities, we can do a simpler host key attestation. This capability is provided by a couple different attestation options, which we will discuss shortly. Furthermore, nothing is logged with these actions and the tenant will have no way of knowing that I am doing this. Shielded VMs provide protection against malicious administrator actions both when a VM’s data is at rest and when untrusted software is running on Hyper-V hosts. I simply right-click on that VHD and select Mount. Now that the VHD has been mounted to the host server’s operating system directly, I can browse that VM’s hard drive as if it were one of my own drives. Those shielded VMs are only ever going to start on the guarded hosts in your environment, nowhere else. TPMs are quickly becoming commonplace at a hardware level, but actually using them is still a mysterious black box to most administrators. TPM chips are physical chips installed on your server’s motherboards that contain unique information. 
This is the basis of security in wanting to move forward with such a solution in your own environment. Which is best? The ability for your hosts to attest their health and identity gives you peace of mind in knowing that those hosts are not being modified or manipulated without your knowledge, and it ensures that a malicious host employee cannot copy all of your VM hard drive files onto a USB, bring them home, and boot them up. The name does a pretty good job of explaining this technology at a basic level. If you have ever installed the Hyper-V role on Windows Server 2012 R2 or 2016, the requirements are almost the same. Shielded VMs can also be locked down so that they can only run on healthy and approved host servers, which is an amazing advantage to the security-conscious among us. You already know that I am running a Hyper-V host server and on that host I have a virtual machine called WEB3. 
It would be easy for me to kill off that WEB3 server completely, since I have access to the host administrative console. With Windows Server 2019, Microsoft is adding resiliency and redundancy enhancements to the Shielded Virtual Machines security controls it introduced with Windows Server 2016. While TPM 2.0 is not a firm requirement, it is certainly recommended. Windows Server 2019 makes it easier to integrate Linux. If you look at any datacenter today, virtualization is a key element. Windows Server 2019 provides shielded support for mixed OS environments. These guarded host servers then take the place of your traditional Hyper-V Servers. So when you create a shielded VM, it not only encrypts the VHD using BitLocker technology, it also blocks all access to the VM’s console from Hyper-V Manager. HGS then crosschecks the information being submitted from the TPM with the information that it knows about when the guarded host was initially configured, to ensure that the requesting host is really one of your approved guarded hosts and that it has not been tampered with. Most importantly, this information cannot be modified or hacked from within the Windows operating system. HGS will have to be running Server 2016 or Server 2019, and most commonly you want to use physical servers running in a three-node cluster for this service. Microsoft has done some work in this area in Windows Server 2016 with the shielded virtual machine, and its sister service, the Host Guardian Service (HGS). Unless you have already taken the time to roll out all shielded VMs in your environment, what I am about to show you is currently possible on any of your existing VMs. Ensure that you have installed the latest cumulative update before you deploy shielded virtual machines in production. 
Admin-trusted attestation – deprecated in 2019. If your environment is new and based on Server 2019, don’t pay any attention to this one. Thankfully, Microsoft is taking steps to alleviate this security loophole with a new technology called shielded VMs. Commonly known as admin-trusted attestation, this was a very simple (and not very secure) way for your hosts to attest to HGS that they were approved. Beginning with Windows Server version 1803, Virtual Machine Connection (VMConnect) enhanced session mode and PS Direct are re-enabled for fully shielded VMs. The benefits are many; however, as much as I love virtualization, I’m almost the first person to tell you that virtualization also requires us to think differently about the security of our virtualized infrastructure … A shielded VM is a generation 2 VM (supported on Windows Server 2012 and later) that has a virtual TPM, is encrypted using BitLocker, and can run only on healthy and approved hosts in the fabric. The ability for your guarded hosts to generate a host key that can be known and verified by HGS is new with Windows Server 2019… Also, it is a fact that this WEB3 server is joined to my tenant’s domain and network, and I as the cloud host have absolutely no access to domain credentials, or any other means that I can utilize to actually log in to that server. Create and configure a shielded VM in Hyper-V. In just a few easy steps, including installing a Host Guardian Service server and creating certificates, you can shield a Hyper-V VM to protect it against … This uses asymmetric key-pair technology to validate the guarded hosts. 
To manipulate my tenant’s website running on WEB3, I don’t need any real access to the VM itself, because I have direct access to the virtual hard drive file. This is all on the backend, so I don’t need any tenant credentials to get here. In Windows Server 2019, this Hyper-V feature can do even more. Shielded VM is a unique security feature introduced by Microsoft in Windows Server 2016 and has undergone a lot of enhancements in the Windows Server 2019 edition. A shielded VM is essentially a VM that is encrypted. Shielded virtual machines (VMs) were introduced in Windows Server 2016. This is the best way! Microsoft states that the Shielded VMs concept in Windows Server 2016 was well received by customers, so in Windows Server 2019, Microsoft has extended the Shielded Virtual Machine concept to encompass Linux Virtual Machines. Rather, the hard drive file itself (the VHDX) is encrypted, using BitLocker. The host utilizes Secure Boot and some code-integrity checks that are stored inside the TPM in order to verify that it is healthy and has not been modified. However, there are folks who are running shielded VMs within a Windows Server 2016 infrastructure, and in that case, there was an additional option for attestation. 
If you are hosting a private cloud and are allowing various companies or divisions of a company to have segregated VMs running in the same fabric, you would want to ensure those divisions had real security layers between the VMs, and between the VMs and the host. When guarded hosts want to spin up a shielded VM, they reach out to attest with HGS, and that attestation is approved or denied based on this key pair.