NET, Visual C , and so on. Virtual Server can detect when a virtual machine session crashes and initiate event notices to external scripts. Extensive logging is available for each virtual machine session. Extensive logging, performance monitoring, and resource monitoring are directly accessible from Pmon.
Use it strictly as a tool to manage VMs. Restrict applications and browsing to virtual production servers. To ensure separation of duties for security and compliance purposes, no one person should have the ability to perform all administrative tasks. For example, a Hyper-V administrator should not have permission to manage VMs. Microsoft provides three pre-defined roles to help separate critical duties:.
In addition, consider separating physical security administration from Hyper-V administration. In other words, just because an engineer has to maintain the Host hardware and OS does not mean he or she needs access to the management operating system (MOS). Further, using the Authorization Manager MMC snap-in provides granular control of administrative tasks.
Microsoft provides lists of operations (see the following tables) you might consider when segregating management responsibility with your own roles. Table 1: Hyper-V Service Operations. Table 2: Hyper-V Network Operations. Files of particular interest have specific extensions:. Whether you choose to leave them in their default locations or move them into a granular folder structure, consider protecting these files with the following controls:.
When applying access controls, remember that a VM administrator might not need access to all VMs. For each administrator, allow access only to files for VMs he or she manages. Auditing includes both file access and system monitoring. Windows TechNet provides audit policy implementation instructions. All files associated with VM and RP configuration and data storage are candidates for auditing.
In addition to file access auditing, use Microsoft System Center Operations Manager, or a similar monitoring tool, to alert on unwanted or high-risk behavior.
Physical and virtual servers require the same administrative, logical, and physical controls—including participation in an aggressive patching process.
Patching running VMs is straightforward. They look like any other server to your patching application.
But what about VMs not currently running? It is never a good idea to add an unpatched server to a production environment. Microsoft TechNet has a solution for this. Use of this tool requires one of the following:.
Each archived VM is started, updated, and then stored and deactivated. Note the requirement for a maintenance host. Place this server in a restricted network segment. Ensure its security is commensurate with the highest classification of data in your enterprise.
Isolating devices in a virtual environment follows the principle of network segmentation. Segmenting a network allows only explicitly permitted network traffic to reach a device. In a virtualized environment, there are two possible segmentation methods: physical and virtual. The final step in configuring a Host is connecting it and its VMs to the network. However, not all network connections are the same. Network segmentation is necessary to ensure only authorized traffic arrives at the most sensitive areas.
This requires at least two network interface cards (NICs) installed in the Host. At the most basic level, access to the MOS should be over a dedicated management segment connected to one of the NICs. Using physical VLANs, this is simple and provides the first layer of security against unauthorized access to the Hyper-V configuration. Figure 4 shows the physical NIC assignment window. Figure 4: NIC Assignment. A virtual switch is created for each of the NICs you select in the process above, as shown in Figure 5.
You can also configure your own. According to Panek, you can limit the communications to or from a virtual machine and the VLAN.
Virtual switches function like physical switches, including allowing creation of VLANs to control traffic flow. Three types of virtual networks (VNs) are possible: internal, external, and private. Figure 5: Virtual Switches. However, there is temptation to use it for quickly instantiating servers outside established change management processes.
When this happens, all oversight to ensure attack surface mitigation is bypassed. Over time, out-of-control virtualization can become a bigger risk than it is a benefit. Keeping risk low is not difficult. Ensure any server showing up on your network is quickly identified and its authorization confirmed.
Create policies that include ensuring all virtual server implementations follow a strict change management process. Finally, work with your engineers to get their buy-in. Proliferation risk is manageable with the right processes, controls, and attitudes in place. Microsoft Hyper-V technology is a significant addition to business productivity tools.
It provides flexibility, resiliency, and quick IT reaction times when business needs arise. In many ways, the same security policies apply to VMs and physical servers, but there are a few differences. Segregate administrative roles and control access to VM files based on least privilege. This might be difficult for small IT shops, but make every effort to ensure physical server, management operating system, and VM administration are not performed by the same person.
Include archived VMs in your patching process. Treat them like running servers. Keeping them patched prevents surprises when you start them after a few months without critical security patches. Use physical and virtual network segmentation to restrict traffic and access. This includes using virtual switches to segregate VMs on the same Host. Finally, control VM proliferation. Integrate VM creation, startup, and shutdown activities into your change management and network monitoring processes.