What are the most important features and tactics used for virtual server security?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Today's hypervisors include more features designed to secure the system and its virtual machines. For example, software acceptance features prevent unsigned software from taking up residence on the system, while integrated firewalls eliminate the need for IP tables and use rules to define port access for every service. Enhanced logging and auditing features track activities on the system and prevent malicious activities from being hidden or erased. In addition, Active Directory integration helps to authenticate users trying to access the virtualized servers.
Further reading on hypervisor features and virtual server security
New disaster recovery features in hypervisors
Storage features in VMware vSphere
Hyper-V vs. vSphere memory features
Hypervisor security features, however, provide little benefit unless you deploy and configure them with the proper security guidelines. When you install a hypervisor-OS combination such as Windows Server 2012 and Hyper-V, use a Server Core installation or install only that system's essential roles, which minimizes the OS footprint and attack surface. In addition, never run applications -- even seemingly innocuous applications such as DNS servers -- on the Hyper-V server. You should run all virtual server workloads as VMs. If you must install administrator consoles or other management tools, always use strong, confidential logon credentials.
When you configure virtual server management, use a dedicated network adapter as opposed to sharing management traffic on the general LAN. This configuration is particularly important when working with dedicated management modules, such as HP iLO or Dell DRAC. By keeping management traffic on its own internal LAN and away from WANs such as the Internet, you reduce the chance that hackers will take control of the servers. If separate IT staff manage VMs and servers, do not allow VM admins to access the server management tools. This least-privilege consideration limits the number of personnel that can affect system management.
VMs may spend considerable time in a test and development environment before they are considered ready for production, but they can easily miss critical patches and updates during the development period. Always update the OS in any VM before deploying that VM on a production server. You can also enhance security by using encryption tools tied to the server's physical trusted platform module, which encrypts data on the server's local disk drives and prevents data leakage from disk theft.
Dig Deeper on Virtualization security and patch management
Related Q&A from Stephen J. Bigelow
Not all hypervisors and OSes can play nice with others. The best method for avoiding complications down the road is to thoroughly test your nested ...continue reading
Theoretically, there is no limit on how 'deep' a nested VM can go. The best way to avoid any confusion is to appropriately label hypervisor nesting ...continue reading
Interested in giving nested virtualization a try in your data center? There are a few software and hardware requirements you'll have to meet first.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.