Many IT professionals worry about virtual environment security, concerned that malicious code and malware may spread between workloads. Virtualization abstracts applications from the physical server hardware running underneath, which allows the servers to run multiple workloads simultaneously and share some system resources. Though the security threats are very real, modern feature sets now offer better protection, and the type of hypervisor you choose to deploy can also make a big difference. Admins should understand hypervisor vulnerabilities and the current concepts used to maintain security on virtual servers, as well as ways to minimize the hypervisor's system footprint and thus the potential attack surface.
Planning security based on the type of hypervisor
Given that Type 1 and Type 2 hypervisors deploy in your environment differently and interact differently with your infrastructure components, it follows that you would also secure each hypervisor using different techniques. Moreover, it's often easier to code Type 1, or bare-metal, hypervisors, and they also provide better native VM security than Type 2 hypervisors, which must share data between the host and guest OSes.
Staying secure with thin hypervisors
Thin hypervisors are stripped-down, OS-independent hypervisors. With minimal software and computing overhead, they limit the number of ways malicious code can intrude. Deployment is also simpler with thin hypervisors, and you won't need to patch them as often as bare-metal versions. Just be sure any software installed includes digital signatures to ensure malware doesn't make its way into the system.
Getting to know the latest hypervisor security features
Firewall and Active Directory integration, auditing and software acceptance features are just some of the ways today's hypervisors offer enhanced security. But these features will only benefit your infrastructure when deployed correctly. Installing only essential system roles, for example, will minimize the OS footprint and attack surface. In addition, strong logon credentials will help ensure that admin and management tools remain secure. Isolating management traffic also minimizes the potential for hackers to access important data.