VMware Cloud Community
cwen
Contributor
Contributor
‎02-20-2019 12:53 PM
Jump to solution

How to limit file transfer from/to VMs

I am new to VMs. I just installed ESXi hypervisor and plan to migrate some Windows client machines into VMs. I want these VMs to be in a separate VLAN and forbid file transfers from/to them. Is there any best practice that I should follow, in terms of how should I access them remotely, what tool to use, etc.? How can I disable file transfer, copy and paste? Can someone please point me to the right documentation or some links?

Thanks in advance!

0 Kudos
1 Solution

Accepted Solutions
TheBobkin
Champion
Champion
‎02-21-2019 01:15 PM
Jump to solution

Hello cwen

Welcome to vSphere and Communities.

There are a number of methods of preventing different types of access but what needs to be applied (and where) to harden the VMs depends on a number of things - e.g. blocking ALL file transfer should just be a case of configuring firewall/blocking ports on the Guest-OS level but settings such as disabling copy+paste are at the VM level using the isolation configurations:

Security Considerations for Configuring VMware Tools

Disabling shared folder with ESXi host is perhaps another consideration (depending on what you are trying to achieve):

Disable VMware Shared Folders Sharing Host Files to the Virtual Machine

Bob

View solution in original post

0 Kudos
6 Replies
dbalcaraz
Expert
Expert
‎02-20-2019 11:55 PM
Jump to solution

Hi,


About security Best Practices: Security Best Practices and Resources

Tools to use? Whatever you want, if you want to access Windows VMs, just use RDP.

And for accessing the ESXi host, use the vSphere Web Client if you are using vSphere 6.5 or above (as a recommendation).

-------------------------------------------------------- "I greet each challenge with expectation"
0 Kudos
cwen
Contributor
Contributor
‎02-21-2019 08:06 AM
Jump to solution

Hi, thanks for your reply. I guess files can be transferred via RDP - which is not wanted. Is there any way to connect to VM without using RDP?

0 Kudos
dbalcaraz
Expert
Expert
‎02-21-2019 10:56 AM
Jump to solution

Hi,

Yes, you can use the Console within the vSphere Web Client.

Other than that, if you have a vCenter, you can push files with PowerCLI.

-------------------------------------------------------- "I greet each challenge with expectation"
0 Kudos
TheBobkin
Champion
Champion
‎02-21-2019 01:15 PM
Jump to solution

Hello cwen

Welcome to vSphere and Communities.

There are a number of methods of preventing different types of access but what needs to be applied (and where) to harden the VMs depends on a number of things - e.g. blocking ALL file transfer should just be a case of configuring firewall/blocking ports on the Guest-OS level but settings such as disabling copy+paste are at the VM level using the isolation configurations:

Security Considerations for Configuring VMware Tools

Disabling shared folder with ESXi host is perhaps another consideration (depending on what you are trying to achieve):

Disable VMware Shared Folders Sharing Host Files to the Virtual Machine

Bob

0 Kudos
cwen
Contributor
Contributor
‎02-22-2019 11:10 AM
Jump to solution

Thanks for your reply. I will try that.

0 Kudos
cwen
Contributor
Contributor
‎02-22-2019 11:10 AM
Jump to solution

Bob, thanks for the reply, very helpful.

0 Kudos