Maintaining hypervisor security is a high priority in any data center because a single host server might handle dozens of virtualized workloads. A security breach against a single host could result in a major outage. Unfortunately, there is no such thing as a single, comprehensive security solution guaranteed to keep your data center secure. Good hypervisor security takes a multi-pronged approach, and there are a number of different things that you should do to keep your virtual server environment secure.
Reduce the host's attack surface
One of the first steps to take to secure your virtual data center should be to reduce the attack surface of your hosts. This is especially important in Hyper-V environments because Hyper-V is often installed as a role on a Windows server. If your virtualization hosts do make use of a host operating system, then the operating system should not contain any unnecessary roles, features or applications. The host operating system should be dedicated solely to running Hyper-V and critical infrastructure components such as antivirus software or backup agents.
Another thing you can do to improve hypervisor security is to avoid joining the operating system to a production domain. Instead, create a special management domain in a dedicated Active Directory forest for the sole purpose of managing your virtualization hosts. This type of domain allows you to use management products that require domain membership, but you will not have to worry about exposing your production domain if a host server is compromised. Incidentally, it is a good idea to use physical domain controllers for the virtualization host management domain.
It's best to avoid using a host operating system if possible, but if you have a compelling reason to use one, then Microsoft recommends using a Server Core deployment because of its small attack surface. It also recommends you use a dedicated physical network adapter for the host operating system so that management traffic is isolated from virtual machine (VM) traffic.
Consider virtual firewalls for hypervisor security
Making use of virtual and software firewalls can also help ensure hypervisor security. In most hypervisors, the VMs do not communicate directly with the physical network. Instead, VMs connect to a virtual switch, which connects to a physical network adapter. In this type of architecture, every VM that shares a physical network adapter also shares a common virtual switch. This means that if two VMs need to communicate with one another, the packets do not necessarily have to traverse the physical network.
If the two VMs share a common virtual switch, then the traffic may flow directly from one VM to another without ever passing through the physical network, and hardware firewalls never have a chance to inspect the packets. The best way to overcome this deficiency is to create virtual firewalls (if such a feature exists in your virtualization platform) or to install software firewalls on all of your VMs.
Control your resources to prevent denial-of-service attacks
One of the biggest threats to hypervisor security is denial-of-service attacks. In a virtual server environment, several VMs share a finite pool of hardware resources on a host server. If any one of these VMs consumes excessive hardware resources, then the other VMs may not be able to function properly. For this reason, it is relatively easy for an attacker to cause a major outage by running a DoS attack against a single virtual server.
The way to protect your virtualized environment against such an attack is to put controls in place that prevent any single VM from consuming an excessive amount of physical hardware resources. Although administrators commonly put such controls in place for memory consumption, they often neglect to put similar controls in place for other hardware resources.
The actual controls an administrator can use vary considerably from one hypervisor to another. However, most hypervisors will allow you to limit the amount of memory and CPU time that a VM can consume.
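On a Hyper-V host, one way to find VMs that lack these controls is to audit them with the Hyper-V PowerShell module. The script below is an added example, not part of the original article. The memory threshold, the VM name 'app01' and the remediation values are assumptions for illustration.

```powershell
# Added example: report Hyper-V VMs that lack per-VM resource caps.
# Run elevated on the host; requires the Hyper-V PowerShell module.
Import-Module Hyper-V

# Assumed policy value for illustration; tune for your environment.
$MaxMemoryShare = 0.5   # no single VM may be allowed more than half of host RAM

$hostRam = (Get-VMHost).MemoryCapacity

$report = foreach ($vm in Get-VM) {
    $cpu  = Get-VMProcessor -VM $vm
    $mem  = Get-VMMemory -VM $vm
    $nics = @(Get-VMNetworkAdapter -VM $vm)

    # With Dynamic Memory the ceiling is Maximum; with static memory it is Startup.
    $ceiling = if ($mem.DynamicMemoryEnabled) { $mem.Maximum } else { $mem.Startup }

    # MaximumBandwidth is 0 or unset when no limit is configured.
    $uncappedNics = @($nics | Where-Object { -not $_.BandwidthSetting.MaximumBandwidth })

    $findings = @()
    if ($cpu.Maximum -ge 100) { $findings += 'CPU: no limit (Maximum = 100%)' }
    if ($ceiling -gt $hostRam * $MaxMemoryShare) {
        $findings += ('Memory: ceiling {0:N1} GB exceeds {1:P0} of host RAM' -f ($ceiling / 1GB), $MaxMemoryShare)
    }
    if ($uncappedNics.Count -gt 0) {
        $findings += ('Network: {0} adapter(s) without a bandwidth limit' -f $uncappedNics.Count)
    }

    # Emit a row only for VMs with at least one missing control.
    if ($findings.Count -gt 0) {
        [pscustomobject]@{ VM = $vm.Name; State = $vm.State; Findings = $findings -join '; ' }
    }
}

$report | Sort-Object VM | Format-Table -AutoSize -Wrap

# Remediation, per VM (name and values are placeholders):
#   Set-VMProcessor      -VMName 'app01' -Maximum 50
#   Set-VMMemory         -VMName 'app01' -DynamicMemoryEnabled $true -MaximumBytes 8GB
#   Set-VMNetworkAdapter -VMName 'app01' -MaximumBandwidth 200000000   # bits per second
```

A VM left at the Dynamic Memory default maximum shows up in the memory finding, because that default is far larger than the RAM of a typical host.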
For the most part, securing a virtual data center is like securing a physical data center. Most of the security best practices that apply to physical environments are valid in virtual environments as well. There are, however, some additional precautions that an administrator should take to maintain hypervisor security, especially if host operating systems are used on virtualization hosts.
This was first published in January 2013