Create shielding data
Before you can create a shielded virtual machine, you must create a shielding data PDK file and upload it.
To create a shielding data PDK file, follow these steps:
Sign in to the Windows Azure Stack portal as a tenant.
Subscribe to an offer that includes shielded virtual machine support.
Click Virtual Machines and then click Shielding Data.
Click Download Guardian to get the Guardian Key file and save it as c:\temp\14300.xml.
Click Download Catalog and save the file as c:\temp\14300.vsc.
Run the following PowerShell commands to create the PDK file:
    # Load the shielding data cmdlets and use the local guardian store
    Import-Module ShieldedVMDataFile
    Set-HgsClientConfiguration -EnableLocalMode

    # Import the fabric guardian downloaded from the portal and create the owner guardian
    Import-HgsGuardian -FilePath "C:\temp\14300.xml" -Name Fabric -AllowUntrustedRoot
    New-HgsGuardian -Name DefaultOwner -GenerateCertificates -ErrorAction SilentlyContinue
    $pdkOwner = Get-HgsGuardian -Name DefaultOwner
    $pdkGuardian = Get-HgsGuardian -Name Fabric

    # Input and output files
    $pdkPath = "C:\temp\14300.pdk"
    $vscPath = "C:\temp\14300.vsc"
    $unattendPath = "C:\temp\unattend.xml"
    $otherfilesPath = "C:\temp\myfakerdpcertpwd.pfx"

    # Only disks that match the downloaded volume signature catalog exactly are trusted
    $volumeIDQualifier = @(New-VolumeIDQualifier -VolumeSignatureCatalogFilePath $vscPath -VersionRule Equals)

    # Build the PDK file
    Protect-ShieldingDataFile -ShieldingDataFilePath $pdkPath -Owner $pdkOwner -Guardian $pdkGuardian -VolumeIDQualifier $volumeIDQualifier -WindowsUnattendFile $unattendPath -OtherFile $otherfilesPath -Force
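The following pre-flight check is an added example, not part of the original procedure. It can be run after the guardians have been imported and created and before Protect-ShieldingDataFile, and it reports missing or malformed inputs. It assumes the file paths and guardian names used in the steps above; the $inputs and $problems variables are names chosen for this example.

```powershell
# Added example: pre-flight checks to run just before Protect-ShieldingDataFile.
# Paths and guardian names are the ones used in the steps on this page.
$inputs = [ordered]@{
    GuardianKey = 'C:\temp\14300.xml'
    Catalog     = 'C:\temp\14300.vsc'
    Unattend    = 'C:\temp\unattend.xml'
    OtherFile   = 'C:\temp\myfakerdpcertpwd.pfx'
}
$problems = @()

foreach ($entry in $inputs.GetEnumerator()) {
    $path = $entry.Value
    # A stray space inside the quotes changes the file name being looked up.
    if ($path -ne $path.Trim()) {
        $problems += "$($entry.Key): path has leading or trailing whitespace"
    }
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $problems += "$($entry.Key): file not found at '$path'"
    }
}

# The guardian key file and the unattend file are XML; confirm both parse.
foreach ($key in 'GuardianKey', 'Unattend') {
    $path = $inputs[$key]
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        try { [void][xml](Get-Content -LiteralPath $path -Raw) }
        catch { $problems += "${key}: not well-formed XML" }
    }
}

# Both guardians must exist in the local store; the owner also needs its
# private signing key (HasPrivateSigningKey, as listed by Get-HgsGuardian).
foreach ($name in 'DefaultOwner', 'Fabric') {
    try { $guardian = Get-HgsGuardian -Name $name -ErrorAction Stop }
    catch { $problems += "guardian '$name' not found"; continue }
    if ($name -eq 'DefaultOwner' -and -not $guardian.HasPrivateSigningKey) {
        $problems += "guardian '$name' has no private signing key"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Shielding data inputs failed $($problems.Count) check(s)."
}
Write-Output 'All shielding data inputs passed the pre-flight checks.'
```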
To upload a shielding data PDK file, follow these steps:
Click Virtual Machines and then click Shielding Data.
Click Upload shielding data.
Click Browse for file and navigate to the PDK file.
Type a Friendly name and Description, and then click the checkmark.