VMware Cloud Community
Tater
Contributor

Access to Application Data from Virtual Center (VC)

Could anyone point me to documentation from VMware that would convince a government agency that someone who has Administrator Access in Virtual Center cannot read or modify application data on a virtual machine?

Here is our situation: We have a government client which specifies that all employees working on that program who have any access (including read-only) to the data are required to have a secret-level clearance. We are moving this application to the virtual environment and the question has come up, "Do VC Admins have access through the VC to read or modify data on the VMs?" We do not think this is the case, but we haven't found any documentation from VMware that states this.

Thanks,

Greg

3 Replies
mikepodoherty
Expert

While there is no method I know of to directly read the data within a virtual disk from Virtual Center, there are ways to modify the virtual disk. This could conceivably be the equivalent of modifying the data - I'm speaking of the ability to change the size of the virtual disk, the ability to delete a virtual disk, etc.

In addition, via VirtualCenter, it is possible to have console access to the virtual servers. I haven't looked into whether you can turn off the console functionality within VirtualCenter, but this type of access would be a way someone could conceivably read/modify the data within the virtual server.

Based on the above, I doubt you'll be able to get the government agency to drop the clearance requirement.

GaryT
Contributor

The other reply is correct concerning the delete and file size modifications of the VM server file. The administrator should have the required clearances and the configuration should make the SAN/LUN not visible to other ESX Hosts in the configuration. Access to the SAN/LUN should be restricted to the ESX Hosts assigned to the secure configuration.

Texiwill
Leadership

Hello,

VirtualCenter has a bit of 'security' information leakage about the VMs, specifically their hostnames, IP addresses, hardware configuration, what host they live on, etc. All that information is generally considered to be 'need to know information'. In addition, while it is possible to keep access to the 'Console' from being able to be used, it is one of the major features necessary for an administrator if the VM has issues (like being able to see the BSOD, install VMware Tools, etc.).

Given the possible information leakage and the need for console access for someone, VC/VIC in its normal modes will not be secure enough to allow those without the appropriate clearance to view the systems.

While it is possible to remove Console access, and to block most of the information leakage from within the VM (disable most of the isolation settings inside the VM), it is not possible to hide the ESX Server name that the VM resides upon. Nor is it possible to completely remove access to the hardware configuration of the VM and the networks upon which it resides.

So given that information is available, I think that the administrator of the ESX server also must have the appropriate clearances.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill