Restricting guest instances in a shared environment

US2019104115A1 · US · A1

Patent metadata

Publication number: US-2019104115-A1
Application number: US-201816173903-A
Country: US
Kind code: A1
Filing date: Oct 29, 2018
Priority date: Jul 15, 2016
Publication date: Apr 4, 2019
Grant date: (none listed)

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method includes a trusted component of a host computing system, obtaining, from a client, via a hypervisor of the host, a request to run an instance of a guest image within the hypervisor. The request includes a unique identifier of the guest image, contents of the guest image, and a communication key. The request is encrypted with a request key accessible to the owner and the trusted component and not accessible to the hypervisor. The trusted component generates an authorization request to an authorizing entity of the client requesting authorization for the hypervisor to run the instance. The authorization request includes the unique identifier, a use counter, and a unique challenge. The trusted component encrypts the authorization request with the communication key and communicates the authorization request to the authorizing entity, via the hypervisor.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method comprising: obtaining, by a trusted component of a host computing system, wherein the host comprises one or more processors, from a client, via a hypervisor of the host, a request to run an instance of a guest image within the hypervisor, wherein the request comprises a unique identifier of the guest image, contents of the guest image, and a communication key, and wherein the request is encrypted with a request key accessible to the owner and the trusted component and not accessible to the hypervisor; generating, by the trusted component, an authorization request to an authorizing entity of the client requesting authorization for the hypervisor to run the instance, wherein the authorization request comprises the unique identifier, a use counter, and a unique challenge; encrypting, by the trusted component, the authorization request with the communication key; and communicating, by the trusted component, the authorization request to the authorizing entity, via the hypervisor.

2. The computer-implemented method of claim 1, wherein the generating comprises: decrypting, by the trusted component, the request with the request key to obtain the unique identifier, the contents of the guest image, and the communication key.

3. The computer-implemented method of claim 2, wherein the generating comprises: determining, by the trusted component, based on the unique identifier, a number of instances of the guest image running in the host computing stored in the use counter.

4. The computer-implemented method of claim 1, wherein the generating comprises: generating, by the trusted component, the unique challenge.

5. The computer-implemented method of claim 1, further comprising: obtaining, by the trusted component, from the authorizing entity, via the hypervisor, the authorization; analyzing, by the trusted component, the authorization to determine if the authorization is authentic; and based on determining that the authorization is authentic, initiating the instance, by the trusted component, by utilizing the contents of the guest image.

6. The computer-implemented method of claim 5, wherein the analyzing comprises: decrypting, by the trusted component, the authorization with the communication key; determining, by the trusted component, if the authorization comprises a unique challenge response matching the unique challenge; and based on determining that the authorization comprises the unique challenge response, accepting, by the authorizing entity, the authorization as authentic.

7. The computer-implemented method of claim 5, wherein the authorization is based on the authorizing entity determining that a global use counter comprising the use counter and a count of instances with the unique identifier on all host systems other than the host, is less than a maximum number of running instances of the guest image, wherein the authorizing entity obtained the maximum number from the client via a secure communication channel.

8. The computer-implemented method of claim 7, further comprising: updating, by the authorizing entity, the global use counter, based on the communicating of the use counter in the authorization request from the trusted component and the authorization.

9. The computer-implemented method of claim 4, further comprising: monitoring, by the trusted component, based on the unique identifier, the instances of the guest image running on a host computing system; and updating, based on a start of the instance or a termination of the instance, the number of instances of the guest image running in the host computing system.

10. The computer-implemented method of claim 4, further comprising: terminating, by the trusted component, the instance; and communicating, by the trusted component, to the authorizing entity, a termination message encrypted with the communication key comprising the unique identifier, termination information, and a unique number, wherein the authorizing entity utilizes the termination message to update the number of guest number of instances of the guest image running in the host computing system if the authorizing entity has not received the unique number in a previous termination request.

11. The computer-implemented method of claim 1, further comprising: obtaining, by the trusted component, from the authorizing entity, via the hypervisor, the authorization; analyzing, by the trusted component, the authorization to determine if the authorization is authentic; and based on determining that the authorization is not authentic, rejecting the authorization.

12. The computer-implemented method of claim 11, wherein the analyzing comprises: decrypting, by the trusted component, the authorization with the communication key; determining, by the trusted component, if the authorization comprises a unique challenge response matching the unique challenge; and based on determining that the authorization does not comprise the unique challenge response, rejecting the authorization as not authentic.

13. The computer-implemented method of claim 11, further comprising: terminating, by the one or more processors, a communication connection between the host and the client.

14. The computer-implemented method of claim 1, further comprising: communicating, by the client, to the authorizing entity, the unique identifier, the communication key, and a maximum number of running instances of the guest image, through a secure channel.

15. A computer program product comprising: a computer readable storage medium readable by one or more processors and storing instructions for execution by the one or more processors for performing a method comprising: obtaining, by a trusted component of a host computing system, wherein the host comprises one or more processors, from a client, via a hypervisor of the host, a request to run an instance of a guest image within the hypervisor, wherein the request comprises a unique identifier of the guest image, contents of the guest image, and a communication key, and wherein the request is encrypted with a request key accessible to the owner and the trusted component and not accessible to the hypervisor; generating, by the trusted component, an authorization request to an authorizing entity of the client requesting authorization for the hypervisor to run the instance, wherein the authorization request comprises the unique identifier, a use counter, and a unique challenge; encrypting, by the trusted component, the authorization request with the communication key; and communicating, by the trusted component, the authorization request to the authorizing entity, via the hypervisor.

16. The computer program product of claim 15, wherein the generating comprises: decrypting, by the trusted component, the request with the request key to obtain the unique identifier, the contents of the guest image, and the communication key.

17. The computer program product of claim 16, wherein the generating comprises: determining, by the trusted component, based on the unique identifier, a number of instances of the guest image running in the host computing stored in the use counter.

18. The computer program product of claim 15, wherein the generating comprises: generating, by the trusted component, the unique challenge.

19. The computer program product of claim 15, the method further comprising: obtaining, by the trusted component, from the authorizing entity, via
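The abstract and claims 1 to 14 describe an exchange between a trusted component on the host and the client's authorizing entity: a challenge-bearing authorization request carrying the host's use counter, a global-count check against the client's maximum, a challenge response the trusted component verifies before starting the instance, and replay-safe termination messages. The following Python model of that exchange is an added example, not code from the patent or from IBM; the class names, the HMAC-based `seal`/`unseal` stand-in for "encrypting with the communication key", and the per-host bookkeeping inside the authorizing entity are assumptions made for illustration, and the hypervisor's role as an untrusted relay is modelled simply as a direct call.

```python
import hashlib, hmac, json, os

def seal(key: bytes, payload: dict) -> dict:
    # Stand-in for "encrypt with the communication key": JSON body plus HMAC-SHA256 tag (authenticity only)
    body = json.dumps(payload, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}
def unseal(key: bytes, msg: dict) -> dict:
    expect = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, msg["tag"]):
        raise ValueError("message not authentic")  # claim 11: reject what the key does not verify
    return json.loads(msg["body"])

class AuthorizingEntity:  # client side: per image, the key, the maximum and one running count per host
    def __init__(self):
        self.images = {}           # uid -> {"key", "max", "hosts": {host: running}}
        self.seen_numbers = set()  # unique numbers of termination messages already applied
    def register(self, uid, comm_key, max_instances):  # claim 14: arrives over a secure channel
        self.images[uid] = {"key": comm_key, "max": max_instances, "hosts": {}}
    def handle_authorization(self, uid, host, msg):
        rec = self.images[uid]
        req = unseal(rec["key"], msg)
        rec["hosts"][host] = req["use_counter"]            # claim 8: refresh this host's count
        granted = sum(rec["hosts"].values()) < rec["max"]  # claim 7: global counter vs. maximum
        rec["hosts"][host] += int(granted)                 # count the instance just authorized
        return seal(rec["key"], {"granted": granted, "challenge_response": req["challenge"]})
    def handle_termination(self, uid, host, msg):
        rec = self.images[uid]
        term = unseal(rec["key"], msg)
        if term["unique_number"] in self.seen_numbers:     # claim 10: replayed message, ignore
            return False
        self.seen_numbers.add(term["unique_number"])
        rec["hosts"][host] = max(0, rec["hosts"].get(host, 0) - 1)
        return True

class TrustedComponent:  # host side: reaches the entity only through the untrusted hypervisor
    def __init__(self, host, comm_key, uid, entity):
        self.host, self.key, self.uid, self.entity = host, comm_key, uid, entity
        self.running = 0  # claim 9: instances of this image running on this host
    def request_instance(self):
        challenge = os.urandom(16).hex()  # claim 4: fresh challenge per request
        req = seal(self.key, {"uid": self.uid, "use_counter": self.running, "challenge": challenge})
        auth = unseal(self.key, self.entity.handle_authorization(self.uid, self.host, req))
        if auth.get("challenge_response") != challenge or not auth["granted"]:
            return False  # claim 12: challenge response missing or wrong, or request denied
        self.running += 1  # claim 5: start the instance
        return True
    def terminate_instance(self):
        self.running -= 1
        msg = seal(self.key, {"uid": self.uid, "info": "terminated", "unique_number": os.urandom(8).hex()})
        return self.entity.handle_termination(self.uid, self.host, msg)
```

With a maximum of 2 and two hosts, the third request is refused until a termination message arrives, and a replayed termination message does not decrement the global count a second time.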

Assignees

Inventors

Classifications

  • Hypervisor-specific management and integration aspects · CPC title

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title

  • Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title

  • Guest-host, i.e. hypervisor is an application program itself, e.g. VirtualBox · CPC title

  • Isolation or security of virtual machine instances · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2019104115A1 cover?
A method includes a trusted component of a host computing system, obtaining, from a client, via a hypervisor of the host, a request to run an instance of a guest image within the hypervisor. The request includes a unique identifier of the guest image, contents of the guest image, and a communication key. The request is encrypted with a request key accessible to the owner and the trusted compone…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 4, 2019 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).