Mental Ward

Blog archive

Hyper-V Security Guide Out

Virtualization security is in somewhat the same boat as virtual desktop infrastructure: lots of discussion, but less actual implementation. It's my belief (unverified and mostly anecdotal) that admins think their standard security measures will protect their virtual environments. Or maybe they do, in the dark recesses of their minds, know that they need to beef up their virtual security, but lack the time or guidance necessary.

I can't help with the time part, but in terms of guidance, Microsoft is doing its part with the recent release of a Hyper-V security guide. Note that you need a LiveID and have to join the beta program. The Windows virtualization team blog reports that three main areas are stressed:

  • Hardening the Hyper-V server role.
  • Of course, one reason for a server core implementation is increased security, but it's good to go into more detail on installation and configuration parameters.

  • VM management and delegation. Unless you're a one-stop shop, you'll need to know the safest ways to delegate management functions to others, especially in the areas of administrative access.

  • Protecting the VMs themselves. That includes auditing information, encryption and file system permissions.

If you are testing Hyper-V or using it in production, I'd call this a must-do. And soon.

Posted by Keith Ward on 02/11/2009 at 12:48 PM


Subscribe on YouTube