Curiously, one of the topics we hardly ever get asked about at our IT Camps is security in Hyper-V. Perhaps it’s because you all have total confidence in our approach to security, or you already have the facts to hand, but more likely you forgot to ask about it because it’s not top of your agenda.
That’s OK, and anyway I need to write this so I have the definitive answers to hand when someone asks me.
So what do you need to consider when virtualising your data centre?
The best resource I have seen is from the US Government, specifically the National Institute of Standards & Technology, in their Guide to Security for Virtualization Technologies. It’s a big read, but the three key sections are:
4-2 recommendations about locking down the hypervisor. The key points are:
4-3 recommendations for securing the virtual machines themselves
4-4 recommendations for securing a virtual desktop infrastructure
I would argue that you’ll also need System Center to manage your data centre security, to check and rectify compliance issues, and to audit any changes. To help with that there is a Governance Risk & Compliance Process Pack, which uses the integration between Service Manager and the rest of System Center (Config Manager, Ops Manager, Virtual Machine Manager via Orchestrator). It has extensive guidance for the non-IT functions and has the side benefit of showing you how to unify System Center to better support the business.
Finally, you’ll want to lock down Windows Server as well, whether that’s the physical operating system or the guest, and there’s a Security Compliance Manager to help with that.