Posted
by
Bink on
on September 16 2008, 12:18 PM
with no comments
Once you have updated the Windows Server® 2008 operating system with the Hyper-V™ technology release bits and enabled the Hyper-V role, you are ready to run virtual machines (VMs) on your server, now called a virtualization server (also called a “host”).
How does this change your security? Not much. Hyper-V is designed to be fairly transparent. You secure your VMs the same way that you secure physical machines. For example, if you run antivirus software on the physical machine, run it on the VM (not the host). If you segment the physical server to a particular network, do the same to the VM.
Securing the virtualization server itself involves all the measures you take to safeguard any Windows Server 2008 server role, plus a few extra to help secure the VMs, configuration files, and data. For more information on helping to secure Windows Server 2008 workloads, see the “Windows Server 2008 Security Guide.”
Microsoft recommends the following best practices to improve the security of your Hyper-V virtualization servers. Many of these practices apply to your other virtualization servers as well.
Use a Server Core installation for the parent partition. A Server Core installation of Windows Server 2008 presents the smallest attack surface and reduces the number of patches, updates, and restarts required for maintenance. For detailed information and guidance about how to install Server Core, see the “Hyper-V Planning and Deployment Guide,” which includes step-by-step instructions for enabling the Hyper- V role on both Server Core and full installations of Windows Server 2008. Note that there is no way to upgrade from a Server Core installation to a full installation of Windows Server 2008. If you need the Windows Server user interface or a server role that is not supported in a Server Core installation, you will need to install a full installation of Windows Server 2008.
You will manage Hyper-V on a Server Core installation remotely, using the Hyper-V management tools for Windows Server 2008 and Windows Vista® Service Pack 1 (SP1). For more information, see article 952627 and article 950050 in the Microsoft Knowledge Base. For more information about configuring tools for remote management of Hyper-V see the “Hyper-V Planning and Deployment Guide.”
It is a good idea to build a deployment image of Windows Server 2008 with Hyper-V role enabled to use as the base operating system (OS) for your VMs. Robert Larson wrote a great step-by-step article on how to use the Windows Automated Installation Kit (WAIK) for Windows Server 2008 to slipstream the Hyper-V release-to-manufacturing (RTM) update and the integration components into an image for easy deployment. Just add Server Core to his recipe, and you are good to go.
Do not run any applications in the parent partition.
Continue At Source
47259 Views