Neil MacDonaldLast week, Microsoft released its beta guidelines for securing Hyper-V. Prescriptive guidance is an important first step for securely deploying any virtualization solution. As many of you know, Hyper-V is based on a virtual machine monitor that runs in a “parent” partition based on Windows Server 2008’s Server Core. Although Microsoft’s hypervisor itself is thin, the parent partition running in Server Core in a Hyper-V deployment is not. As I discussed previously here and here, the virtualization layer will be a target for attack, so hardening guidelines (especially on a footprint as large as Windows Server 2008 Core) is a welcome first step.
To close the gap with VMware, more information and tools are needed. Ideally, configuration guidelines for securing Hyper-V would be available from other independent sources such as the Center for Internet Security and the National Institute of Standards and Technology. For Gartner clients, we have provided a comprehensive overview of security considerations and best practices for securing virtual machines which was written to cover all virtualization platforms.
Also, we need third party configuration management tool vendors such as Configuresoft and Tripwire to automatically assess the configuration of Hyper-V deployments as they do today for VMware environments. Security and management tools to support Hyper-V deployments will come, but at this point lag far behind those available for VMware. Microsoft’s hardening guidelines are a welcome first step – but it’s only a step.
Comments Off
Category: Virtualization Security Tags: Best Practices, Hyper-V, Hypervisor Security, Virtualization Security, VMware
