I am new to VMs. I just installed ESXi hypervisor and plan to migrate some Windows client machines into VMs. I want these VMs to be in a separate VLAN and forbid file transfers from/to them. Is there any best practice that I should follow, in terms of how should I access them remotely, what tool to use, etc.? How can I disable file transfer, copy and paste? Can someone please point me to the right documentation or some links?
Thanks in advance!
Hello cwen
Welcome to vSphere and Communities.
There are a number of methods of preventing different types of access but what needs to be applied (and where) to harden the VMs depends on a number of things - e.g. blocking ALL file transfer should just be a case of configuring firewall/blocking ports on the Guest-OS level but settings such as disabling copy+paste are at the VM level using the isolation configurations:
Security Considerations for Configuring VMware Tools
Disabling shared folder with ESXi host is perhaps another consideration (depending on what you are trying to achieve):
Disable VMware Shared Folders Sharing Host Files to the Virtual Machine
Bob
Hi,
About security Best Practices: Security Best Practices and Resources
Tools to use? Whatever you want, if you want to access Windows VMs, just use RDP.
And for accessing the ESXi host, use the vSphere Web Client if you are using vSphere 6.5 or above (as a recommendation).
Hi, thanks for your reply. I guess files can be transferred via RDP - which is not wanted. Is there any way to connect to VM without using RDP?
Hi,
Yes, you can use the Console within the vSphere Web Client.
Other than that, if you have a vCenter, you can push files with PowerCLI.
Hello cwen
Welcome to vSphere and Communities.
There are a number of methods of preventing different types of access but what needs to be applied (and where) to harden the VMs depends on a number of things - e.g. blocking ALL file transfer should just be a case of configuring firewall/blocking ports on the Guest-OS level but settings such as disabling copy+paste are at the VM level using the isolation configurations:
Security Considerations for Configuring VMware Tools
Disabling shared folder with ESXi host is perhaps another consideration (depending on what you are trying to achieve):
Disable VMware Shared Folders Sharing Host Files to the Virtual Machine
Bob
Thanks for your reply. I will try that.
Bob, thanks for the reply, very helpful.