Whether you are operating a virtual datacenter or a full-blown private cloud, you will need to ensure the security of your VMware systems just as you would your physical servers.
Virtual server security has the same rules of the road as any other type of IT security: protect the machine, reduce access, patch often: there’s nothing new here. But virtual machines can also be maliciously (or even accidentally) configured to bring their own performance down or kill the whole machine itself.
But there are ways to prevent such occurrences in your VMware environment.
Whatever security measures you would do on a physical system, perform them on a virtual machine. If that means loading up anti-malware software or intrusion detection, then you’d better get those installed on your VM, too. At the very least, it means that you should be maintaining the security patches for your guest system just as diligently as your host systems’.
Brian Proffitt is a veteran technology journalist, analyst, and author with experience in a variety of technologies, including cloud, virtualization, and consumer devices. Follow him on Twitter @TheTechScribe and Google+ at +Brian Proffitt.
Prevent your virtual machine from completely taking over the host system’s resources. A seemingly innocuous attack could force your guest system to hog all of the host’s resources, grinding the VM and all the other virtual machines on the host server to a complete halt.
Tighten up the layer where the guest machine and the host’s hypervisor actually interact. This is where the drivers for the guest and host talk to each other, and it’s a prime spot for hackers to interfere with operations if things aren’t locked down. Make sure all drivers being used, normal and virtualized, are as up-to-date as possible.
Limit the amount of data the guest machine sends over to the vmware.log file out on the host system. It’s possible that an attacker could get the guest system to flood the log file, which essentially fills up the disk drive on the host system and renders the VMs on that server unusable. In fact, put limits on all the data a guest VM sends over to the host, both in terms of size and specificity. Anything that moves from guest to host is a potential vector for trouble.
Isolate your networks. Virtual machines are often tied to each other, so the networks of virtual machines can be the targets of network-based attacks. Using network segmentation by using separate physical network adapters for VM zones or creating virtual LANs is a good way to avoid trouble. Try segmenting the management network as well to further minimize the risk.
Hardening the guests, the virtual interaction layer, and any network connecting these systems is a triple way of keeping a VMware environment secure.