Q

Which hypervisor features provide the most virtual server security?

The advent of integrated hypervisor features, focused on security, is welcome news to many admins, but which ones provide the most benefit?

What are the most important features and tactics used for virtual server security?

Today's hypervisors include more features designed to secure the system and its virtual machines. For example, software acceptance features prevent unsigned software from taking up residence on the system, while integrated firewalls eliminate the need for IP tables and use rules to define port access for every service. Enhanced logging and auditing features track activities on the system and prevent malicious activities from being hidden or erased. In addition, Active Directory integration helps to authenticate users trying to access the virtualized servers.

Further reading on hypervisor features and virtual server security

New disaster recovery features in hypervisors

Storage features in VMware vSphere

Hyper-V vs. vSphere memory features

Hypervisor security features, however, provide little benefit unless you deploy and configure them with the proper security guidelines. When you install a hypervisor-OS combination such as Windows Server 2012 and Hyper-V, use a Server Core installation or install only that system's essential roles, which minimizes the OS footprint and attack surface. In addition, never run applications -- even seemingly innocuous applications such as DNS servers -- on the Hyper-V server. You should run all virtual server workloads as VMs. If you must install administrator consoles or other management tools, always use strong, confidential logon credentials.

When you configure virtual server management, use a dedicated network adapter as opposed to sharing management traffic on the general LAN. This configuration is particularly important when working with dedicated management modules, such as HP iLO or Dell DRAC. By keeping management traffic on its own internal LAN and away from WANs such as the Internet, you reduce the chance that hackers will take control of the servers. If separate IT staff manage VMs and servers, do not allow VM admins to access the server management tools. This least-privilege consideration limits the number of personnel that can affect system management.

VMs may spend considerable time in a test and development environment before they are considered ready for production, but they can easily miss critical patches and updates during the development period. Always update the OS in any VM before deploying that VM on a production server. You can also enhance security by using encryption tools tied to the server's physical trusted platform module, which encrypts data on the server's local disk drives and prevents data leakage from disk theft.

This was first published in July 2013

Dig deeper on Virtualization security and patch management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVMware

SearchWindowsServer

SearchCloudComputing

SearchVirtualDesktop

SearchDataCenter

Close