Guest virtual machine hardening
As part of a defense-in-depth strategy, isolating the virtual machine from network threats is not enough on its own; it must be augmented by isolating the virtual machine from the possible administrator insider threat. vSphere administrators have what equates to physical access to the operating system and the data contained therein.
Getting ready
Each VM communicates with the hypervisor to monitor guests, devices, storage, and tools. This section details several options to verify and set a strong security posture for the virtualization environment and the guest virtual machines in particular. Each of the settings in this section is verified or set under an account included in the administrator account role.
How to do it…
The following tasks provide additional security to the hypervisor, the management infrastructure, and the guest VM. Each task requires administrative access to vSphere Client or vSphere Web Client.