- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
One thing to consider is that VMs do not always live on ESXi, one of the best ways to restore a VM quickly is into another hypervisor such as Fusion, Workstation, etc. If that happens and the disables for fusion and workstation are not there for whatever reason you are now at risk. So including them in the VMX is a way of having a complete security context regardless of where you run. Personally, I like this as I have found people running restores to whatever is available just to get running again.
How does this work with some backup tools I have heard that send the data to a cloud, then back, etc. Should not the context stay with the backup/replication target regardless of what it is running upon?
And yes, I do move my VMs for demo reasons, etc. My demos have to run as secure as they can, only way to show some things.
Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011,2012,2013,2014
Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill