- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
VirtualCenter has a bit of 'security' information leakage about the VMs, specifically their hostnames, ip addresses, hardware configuration, what host they live on, etc. All that information is generally considered to be 'need to know information'. In addition, while it is possible to keep access to the 'Console' from be able to be used, it is one of the major features necessary for an administrator if the VM has issues (like being able to see the BSOD, install VMware Tools etc.)
Given the possible information leakage and the need for console access for someone VC/VIC in its normal modes will not be secure enough to allow those without the appropriate clearance to view the systems.
While it is possible to remove Console access, and to block most of the information leakage from within the VM (disable most of the isolation settings inside the VM), it is not possible to hide the ESX Server name that the VM resides upon. Nor is it possible to completely remove access to the hardware configuration of the VM and what networks upon which it resides.
So given that information is available, I think that the administrator of the ESX server also must have the appropriate clearances.
Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill