What are the most important features and tactics used for virtual server security?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Today's hypervisors include more features designed to secure the system and its virtual machines. For example, software acceptance features prevent unsigned software from taking up residence on the system, while integrated firewalls eliminate the need for IP tables and use rules to define port access for every service. Enhanced logging and auditing features track activities on the system and prevent malicious activities from being hidden or erased. In addition, Active Directory integration helps to authenticate users trying to access the virtualized servers.
Further reading on hypervisor features and virtual server security
New disaster recovery features in hypervisors
Storage features in VMware vSphere
Hyper-V vs. vSphere memory features
Hypervisor security features, however, provide little benefit unless you deploy and configure them with the proper security guidelines. When you install a hypervisor-OS combination such as Windows Server 2012 and Hyper-V, use a Server Core installation or install only that system's essential roles, which minimizes the OS footprint and attack surface. In addition, never run applications -- even seemingly innocuous applications such as DNS servers -- on the Hyper-V server. You should run all virtual server workloads as VMs. If you must install administrator consoles or other management tools, always use strong, confidential logon credentials.
When you configure virtual server management, use a dedicated network adapter as opposed to sharing management traffic on the general LAN. This configuration is particularly important when working with dedicated management modules, such as HP iLO or Dell DRAC. By keeping management traffic on its own internal LAN and away from WANs such as the Internet, you reduce the chance that hackers will take control of the servers. If separate IT staff manage VMs and servers, do not allow VM admins to access the server management tools. This least-privilege consideration limits the number of personnel that can affect system management.
VMs may spend considerable time in a test and development environment before they are considered ready for production, but they can easily miss critical patches and updates during the development period. Always update the OS in any VM before deploying that VM on a production server. You can also enhance security by using encryption tools tied to the server's physical trusted platform module, which encrypts data on the server's local disk drives and prevents data leakage from disk theft.
Dig Deeper on Virtualization security and patch management
Related Q&A from Stephen J. Bigelow
Can my company implement the COBIT framework for compliance? What does it entail?continue reading
Although Windows Server has a built-in backup tool, third-party tools offer useful capabilities, such as reporting and alerting features, to help ...continue reading
I need to back up Active Directory, but I'm not sure which method to use. What are my options for a painless backup and restoration effort?continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.