In computer science, a virtual machine (VM) is a software implementation of a machine (computer) that executes programs like a real machine. A virtual machine monitor (VMM) is a portion of software that, when executed on appropriate hardware, creates an environment allowing the virtualization of an actual physical computer system. Each VM may function as a self-contained platform, running its own operating system (OS) and software applications (processes). Typically, the VMM manages allocation and virtualization of computer resources and performs context switching, as may be necessary, to cycle between various VMs.
A host machine (e.g., computer or server) is typically enabled to simultaneously run multiple VMs, where each VM may be used by a remote client. The host machine allocates a certain amount of the host's resources to each of the VMs. Each VM is then able to use the allocated resources to execute applications, including operating systems known as guest operating systems. The VMM virtualizes the underlying hardware of the host machine or emulates hardware devices, making the use of the VM transparent to the guest operating system or the remote client that uses the VM.
Recently, solutions providing centralized hosting for VMs that run (virtual) desktops have been developed. Such solutions consist of centralized servers that are partitioned into multiple VMs that host the virtual desktops, thereby providing a desktop for each user. The centralized hosting provides the manageability of server-based computing, while the dedicated environment provides the flexibility and compatibility with applications that a desktop enables. In general, VMs therefore enable remote access to a host or server computer by a remote client computer, which mimics or reconstructs the events taking place on the host computer.
However, one of the challenges that arises with such centralized hosting of VMs is the security of the VM provisioning process. There are many components involved in the initial provisioning of a VM in a VM system, such as an identity server, a management server, a host server, and the VM operating system (OS) itself. As a result, the different communication channels used between these components when provisioning a VM present many opportunities for security breaches. Presently, initial provisioning of a VM requires the use of a hard-coded password over an insecure channel or the manual intervention of an administrator. These solutions are insecure, inefficient, and time-consuming. As such, a solution that provides a trusted environment for provisioning a new VM would be beneficial.