Once again attempting to put my entire work machine inside a VM, hosted on a physical laptop running it full screen. This shields the host machine from malicious management actions in the event of a corporate compromise, and preserves sovereignty.
Here's the setup I'm working on:
Lenovo P1 Gen3 with 12-core Xeon, 64GB RAM, two 1TB M.2 SSDs. Running Windows Server 2022 with the Hyper-V role. All hardening applied to host OS, almost nothing happens here except managing guest VMs.
On the second SSD I then have Win10 VMs joined to the corporate domain.
The problem here is Teams. If I want to pass through my webcam and microphone that could get a bit dicey, despite Hyper-V Enhanced Session being essentially an RDP session. For now I'm using my phone for Teams microphone.
Also I'm not sure how well thermal management will work....
The host laptop will then be joined to a completely separate "Red Forest" in Azure AD so it can be a fully-secured management point for Out-Of-Band communications in the event of a total corporate compromise. It will be the bootstrap of the entire IT recovery.

