Documents and Best Practices on securing virtualization
1 Comment
Randy Marchany
Nov 25, 2008
Some general comments on things to consider when building a virtual server environment
1. Run VM systems of a similar security level on a single hardware host.
a. You want your DMZ VM systems to run on one real host. Your internal servers should run on a separate real
host. Repeat this layering as necessary.
b. Never mix high and low security VM systems on the same real host.
2. Establish redundant real hosts to allow a regulated patch timetable for the host system
a. Patching the real host system becomes an issue since that may require the VM systems running on it to be down.
This is the classic security vs. availability conflict. Redundant systems are one way to allow security patches to be
applied to the real host while minimizing service interruption.
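
An added example, not part of the comment above: a small audit that applies both recommendations to a VM inventory, flagging hosts that mix security levels and hosts that cannot be emptied onto same-level peers for patching. The inventory, host and VM names, tier labels and the use of memory as the capacity measure are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical names and sizes).
HOSTS = {
    "hv-dmz-1": {"mem_gb": 64},
    "hv-dmz-2": {"mem_gb": 64},
    "hv-int-1": {"mem_gb": 128},
    "hv-int-2": {"mem_gb": 32},
}
VMS = [
    {"name": "web1", "host": "hv-dmz-1", "tier": "dmz", "mem_gb": 16},
    {"name": "web2", "host": "hv-dmz-2", "tier": "dmz", "mem_gb": 16},
    {"name": "mail-relay", "host": "hv-dmz-2", "tier": "dmz", "mem_gb": 8},
    {"name": "db1", "host": "hv-int-1", "tier": "internal", "mem_gb": 64},
    {"name": "files", "host": "hv-int-1", "tier": "internal", "mem_gb": 16},
    {"name": "ldap", "host": "hv-int-2", "tier": "internal", "mem_gb": 8},
    {"name": "web3", "host": "hv-int-2", "tier": "dmz", "mem_gb": 8},
]

def audit(hosts, vms):
    """Return findings for mixed-tier hosts and hosts with no patch window."""
    by_host = defaultdict(list)
    for vm in vms:
        by_host[vm["host"]].append(vm)
    findings, host_tier = [], {}
    # Rule 1: a real host carries VMs of one security level only.
    for host, placed in sorted(by_host.items()):
        tiers = sorted({vm["tier"] for vm in placed})
        if len(tiers) > 1:
            findings.append(("mixed-tier", host, tiers))
        else:
            host_tier[host] = tiers[0]
    # Rule 2: a host can be patched only if its VMs fit on same-tier peers.
    # Free memory is summed across peers; per-VM packing is not modelled.
    for host, tier in sorted(host_tier.items()):
        peers = [h for h, t in host_tier.items() if t == tier and h != host]
        free = sum(hosts[p]["mem_gb"] - sum(v["mem_gb"] for v in by_host[p])
                   for p in peers)
        need = sum(v["mem_gb"] for v in by_host[host])
        if not peers or free < need:
            findings.append(("no-patch-window", host, need, free))
    return findings

if __name__ == "__main__":
    for finding in audit(HOSTS, VMS):
        print(finding)
```

Mixed-tier hosts are excluded from the peer pool, so a host is never counted as a patch-time landing spot for a tier it should not be carrying.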