averylarry2
Contributor

Security -- vmfs? manual startup? anything else?


Trying to satisfy an auditor . . .

Right now I have an ESXi (free license) server with a Windows 2008 R2 server running on it (local hard drives). If that entire server is stolen, what can I say about the security?  How can the VMFS be accessed?  Can another ESXi server just read the VMFS, or does that server somehow need access granted?  (That's also a good question for disaster recovery.)  Right now the guest is set to autostart.  Would it actually help to set it to manual startup?  My theory: if the VMFS/datastores are completely secure (are they encrypted? is it possible to encrypt?), it's meaningless if the guest isn't secure from the network, as the ESXi server can boot up and load the guest automatically.  You can hack on the server from the network for as long as you like.  BUT if it's set to manual startup, then they have to have username/password access to the ESXi server in order to even boot the guest.  I just have to make sure I don't cut my arm off, I think (Active Directory authentication, but you can't authenticate because the server is down, but you can't boot the server because of manual startup . . .)

I've read through several VMware documents related to security and certification.  I just want to be certain of my answers in the almost "worst case" scenario of a completely intact system stolen -- so the bad guys have all kinds of time to try and hack it.  (Worst case scenario would be stolen with the UPS so the system remains powered on.)


Accepted Solutions
Dave_Mishchenko
Immortal

VMFS doesn't include any encryption so if the server was stolen one could perform a repair install to get access to the VM or there are even options to boot ESXi from a recovery CD that would provide access to the datastore.  If you need encryption you'll have to do it within the VM.

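Because VMFS adds no encryption, anyone holding the disks can copy the VMDK off the datastore and read the guest's NTFS volume directly. The script below is an added example for this thread, not code from VMware or from anyone in the discussion: it does the offline triage an auditor would ask for, parsing a VMDK descriptor file to find the flat extent, walking that extent's MBR partition table, and reporting whether each volume boot sector identifies plaintext NTFS (OEM ID "NTFS    ") or a BitLocker-protected volume (OEM ID "-FVE-FS-"). The descriptor text and the five-sector disk image are constructed inline so it runs without a datastore; a real disk starts its partitions at LBA 2048 and is far larger, and real BIOS-booted 2008 R2 guests use MBR, which is the only partition scheme handled here (GPT is not). Two caveats a practitioner would want: EFS is per-file, so an EFS-protected volume still reads as "plaintext NTFS" to this check, and a BitLocker volume in an ESXi VM of this era has no TPM, so the key must come from a startup key or password entered at boot.

```python
"""Offline VMDK triage: which guest volumes are plaintext, which are BitLocker?

Added example for this thread, not VMware code.  The descriptor text and the
disk image below are constructed; file names and layout are assumptions.
"""
import re
import struct

SECTOR = 512
NTFS_OEM = b"NTFS    "      # boot-sector OEM ID of an ordinary NTFS volume
BITLOCKER_OEM = b"-FVE-FS-"  # boot-sector OEM ID once BitLocker owns the volume

# Extent lines in a descriptor look like: RW 83886080 VMFS "guest-flat.vmdk"
EXTENT_RE = re.compile(r'^(RW|RDONLY|NOACCESS)\s+(\d+)\s+(\w+)\s+"([^"]+)"(?:\s+(\d+))?')

# Constructed descriptor in the format ESXi writes for a thick disk on VMFS.
SAMPLE_DESCRIPTOR = """\
# Disk DescriptorFile
version=1
encoding="UTF-8"
CID=fffffffe
parentCID=ffffffff
createType="vmfs"

# Extent description
RW 5 VMFS "win2008r2-flat.vmdk"

# The Disk Data Base
#DDB

ddb.adapterType = "lsilogic"
ddb.virtualHWVersion = "7"
"""


def parse_descriptor(text):
    """Return (key/value settings, list of extents) from a VMDK descriptor."""
    kv, extents = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = EXTENT_RE.match(line)
        if m:
            access, sectors, etype, name, offset = m.groups()
            extents.append({"access": access, "sectors": int(sectors), "type": etype,
                            "file": name, "offset": int(offset) if offset else 0})
        elif "=" in line:
            k, v = line.split("=", 1)
            kv[k.strip()] = v.strip().strip('"')
    return kv, extents


def parse_mbr(data):
    """Return the used entries of an MBR partition table (LBA start, sector count, type)."""
    if len(data) < SECTOR or data[510:512] != b"\x55\xaa":
        raise ValueError("no MBR signature at sector 0")
    parts = []
    for i in range(4):
        entry = data[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = entry[4]
        start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count:
            parts.append({"type": ptype, "start_lba": start, "sectors": count})
    return parts


def classify_volume(boot_sector):
    """Classify a volume by the 8-byte OEM ID at offset 3 of its boot sector."""
    oem = boot_sector[3:11]
    if oem == NTFS_OEM:
        return "plaintext NTFS"
    if oem == BITLOCKER_OEM:
        return "BitLocker-protected"
    return "unknown"


def triage_flat_extent(image):
    """For each MBR partition in a flat extent, return (start LBA, verdict)."""
    results = []
    for p in parse_mbr(image[:SECTOR]):
        off = p["start_lba"] * SECTOR
        results.append((p["start_lba"], classify_volume(image[off: off + SECTOR])))
    return results


def build_sample_image():
    """Constructed 5-sector flat extent: MBR, NTFS boot sector, BitLocker boot sector.

    Real partitions begin at LBA 2048 and span gigabytes; shrunk here so the
    sample stays a few kilobytes.  Both partitions keep MBR type 0x07, as
    BitLocker does not change the partition type."""
    def boot_sector(oem):
        bs = bytearray(SECTOR)
        bs[0:3] = b"\xeb\x52\x90"   # jump instruction that opens an NTFS boot sector
        bs[3:11] = oem
        bs[510:512] = b"\x55\xaa"
        return bytes(bs)

    mbr = bytearray(SECTOR)
    for i, (start, count) in enumerate([(1, 1), (3, 1)]):
        base = 446 + 16 * i
        mbr[base + 4] = 0x07
        struct.pack_into("<II", mbr, base + 8, start, count)
    mbr[510:512] = b"\x55\xaa"
    return (bytes(mbr) + boot_sector(NTFS_OEM) + bytes(SECTOR)
            + boot_sector(BITLOCKER_OEM) + bytes(SECTOR))


def main():
    kv, extents = parse_descriptor(SAMPLE_DESCRIPTOR)
    print(f"createType={kv['createType']} extent={extents[0]['file']}")
    image = build_sample_image()  # on a real datastore: open(extents[0]["file"], "rb").read()
    for lba, verdict in triage_flat_extent(image):
        print(f"partition at LBA {lba}: {verdict}")


if __name__ == "__main__":
    main()
```

Run against a copied descriptor and flat extent, a "plaintext NTFS" verdict is exactly what a thief with a recovery CD gets to read; only the volumes reported as BitLocker-protected depend on a key the host does not hold.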
4 Replies
DSTAVERT
Immortal

You would need to use encryption within the guest OS. Most OSes today include that capability (EFS, for example).

-- David -- VMware Communities Moderator
averylarry2
Contributor

So it's really no different from having a physical machine stolen?  I'm surprised.  Doesn't ESXi have some type of access to the data on the guests?  You can, for instance, mount guest file systems -- and back them up/shrink/clone etc.  We're really just relying (in the case of Windows machines) on NTFS security?

jamesbowling
VMware Employee

The actual access of ESXi and the guest filesystem is not there.  ESXi sees things from the VMDK level, not actually within the guest.  Well, it can access the guest through VMware Tools but not to the extent you are thinking of, I believe.  If the server was stolen, the person would need to understand how ESX(i) works and how to bring the guest online.  Assuming that this is the case and it is stolen, VMware can't provide you anything to stop a physical catastrophe.  ESX(i) is a hypervisor and just basically manages resources, it doesn't actually do much with the OS installed on the VMDKs created for your VMs.

James B. | Blog: http://www.vSential.com | Twitter: @vSential --- If you found this helpful then please award helpful or correct points accordingly. Thanks!