VDI Security - Securing Virtual Desktops running on Hyper-V
The following considerations and recommendations relate to configuring virtual machines on a computer running Windows Server 2008 Hyper-V.
· Determine where to store the virtual machine files and the VHDs. See “Securing Dedicated Storage Devices” earlier in this chapter for guidance.
· Decide how much memory to assign to a virtual machine. Memory on the physical computer is apportioned to all of the virtual machines on the server, including the virtual machine running the management operating system, so assigning an appropriate amount of memory to each virtual machine is important to ensure the continuing availability of all virtual machine resources. The amount of memory to assign will depend on the workload of the virtual machine, how much physical memory is available on the computer, and how much memory other virtual machines running on the same computer are using.
· Impose limits on processor usage. By default, Hyper-V does not limit the amount of processing power used by virtual machines. A compromised virtual machine that can use all of the processing power on the physical computer could cause the computer and other virtual machines running on it to become unresponsive. The precise number of logical processors to use and the limits that you should impose on them depend on the workload they perform, the number of physical processors and cores installed on the physical computer, and the amount of processor power required by other virtual machines running on the same computer. To ensure continuing availability of all VM resources, monitor processor usage and adjust the limits accordingly.
· Configure only required storage devices for a virtual machine. Give each virtual machine access to the physical hard disks, VHDs, and removable storage devices that it needs, and no others. If a virtual machine does not require access to a resource like a CD/DVD drive except when you are installing software, for example, remove the virtual drive or select None as the media when it is not in use.
· Enable support for time synchronization. Time synchronization can be important in some auditing scenarios, because the system time of virtual machines can drift out of sync with the management operating system for virtual machines that are under constant heavy load. For time synchronization to work you need to install the Hyper-V Integration Services on the virtual machines. For information about installing and using Integration Services, see the Hyper-V Getting Started Guide on Microsoft TechNet.
· Place virtual machines of a similar trust level on the same physical computer. To maintain security in your organization, deploy your virtual machines in such a way that all the VMs on a given physical computer share a similar level of trust, and then configure the computer to be at least as secure as the most secure VM. Virtual machines that are exposed to external access, such as Web servers, or that must be accessed widely require different security precautions than servers to which access is tightly controlled or limited to a small number of users.
· Delete decommissioned high-security VHDs. For high-security VMs that contain sensitive information, establish a process for securely deleting the VHD files after decommissioning. Tools such as SDelete v 1.51, available for download from Microsoft TechNet, can help with this process.
· Store snapshot files securely. A snapshot is a “point in time” image of a virtual machine’s state that you can return the machine to later. It is conceptually similar to the System Restore feature of Windows XP and Windows Vista, or the undo disks used by Virtual PC and Virtual Server. Store any snapshots you create together with their associated VHDs in an equally secure location.