Server Security Levels ESX Server Users and Permissions Securing the Service Console
2
2
For ESX Server 2.0.1 2003-10-27 Copyright 2003 VMware, Inc. All rights reserved.
Medium On Low On
3
3
For ESX Server 2.0.1 2003-10-27 Copyright 2003 VMware, Inc. All rights reserved.
RX
Start, Stop, Reset, Suspend VM via MUI, Remote Console, API Access files read-only
RW
Can access VM from MUI but cannot run VM, only monitor Details and Event Logs Configure VM and save changes via MUI Cannot connect to VM via Remote Console Connect to VM via API Access and modify files that make up VM
Check permissions on both the .vmx file and the parent directories
RWX
Full access, actions, and modification privileges
5
5
For ESX Server 2.0.1 2003-10-27 Copyright 2003 VMware, Inc. All rights reserved.
RX Start, stop, reset, suspend using MUI, Remote Console, or API; Access files readonly
6
6
For ESX Server 2.0.1 2003-10-27 Copyright 2003 VMware, Inc. All rights reserved.
7
7
For ESX Server 2.0.1 2003-10-27 Copyright 2003 VMware, Inc. All rights reserved.
Remote Console
Remote Console xinetd
VM Authentication
vm-list
Virtual Machine
8
8
For ESX Server 2.0.1 2003-10-27 Copyright 2003 VMware, Inc. All rights reserved.
9
9
For ESX Server 2.0.1 2003-10-27 Copyright 2003 VMware, Inc. All rights reserved.
Understand how network traffic can pass from one network to the next
Watch for VMs with NICs on different networks
Physical interfaces must run in promiscuous mode unless they have exactly one VM bound to them
10
10
For ESX Server 2.0.1 2003-10-27 Copyright 2003 VMware, Inc. All rights reserved.
11
11
For ESX Server 2.0.1 2003-10-27 Copyright 2003 VMware, Inc. All rights reserved.
12
12
For ESX Server 2.0.1 2003-10-27 Copyright 2003 VMware, Inc. All rights reserved.
Summary
Choose the right security level
Secure deployment means matching security level to security environment
Restrict user access to the Service Console Turn off needless services on the Service Console Know your VMs!
13
13
For ESX Server 2.0.1 2003-10-27 Copyright 2003 VMware, Inc. All rights reserved.
Questions?