Photo by Craig Whitehead on Unsplash

Protect Hyper-V with on-board resources

Counterintelligence

Article from ADMIN 63/2021
By
With the right settings and small tools, security in virtual environments can be increased significantly by tweaking the on-board tools.

Hosts, and their operating systems in particular, play a central role in secure operations with Hyper-V. The individual virtual machines (VMs) and the operating systems on the VMs naturally need to be secured. The third security-relevant area is the configuration files for the individual VMs and Hyper-V itself – and don't forget the system services. If available, it makes sense to use a trusted platform module (TPM) chip on Hyper-V hosts to take advantage of technologies such as BitLocker and shielded VMs. As an administrator, you're adding security in a number of places, and much of it with the help of Microsoft recommendations and templates.

Securing the Host and Operating System

Minimizing the attack surface is an important security foundation, and it starts with installation. In general, it is recommended that you use the Core installation of Windows Server 2019 or newer for Hyper-V hosts, which will help you prevent attacks on the desktop and the programs installed on it. Bear in mind that a graphical user interface (GUI) can be installed retroactively on Core servers.

If you do install the GUI, you should remove programs and services that are not required. For example, Windows Media Player is active by default on Windows Server 2019, but definitely not needed on production servers. To uninstall Media Player, enter:

dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer /norestart

Only absolutely essential services should be installed and started on the Hyper-V host. Any additional software just adds attack vectors. In general, it is almost always better to install additional software on another server rather than on a Hyper-V host on which numerous VMs are in use. Of course, this is also true when you consider performance.
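The following report-only PowerShell check is an added example, not code from the article. It lists what a Hyper-V host has installed and started so that anything unnecessary can be reviewed. The `$AllowedFeatures` baseline and the service-path heuristic are assumptions to adjust per environment.

```powershell
#Requires -RunAsAdministrator
# Added example: report-only attack-surface check for a Hyper-V host.
# $AllowedFeatures is an assumed baseline, not a Microsoft list; adjust per host.
$AllowedFeatures = @(
    'Hyper-V', 'Hyper-V-PowerShell', 'BitLocker', 'EnhancedStorage',
    'FileAndStorage-Services', 'Storage-Services', 'Windows-Defender',
    'NET-Framework-45-Features', 'NET-Framework-45-Core',
    'PowerShellRoot', 'PowerShell', 'WoW64-Support'
)

# 1. Installation type: "Server Core" means no desktop shell is installed.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
[pscustomobject]@{
    Check  = 'InstallationType'
    Value  = $cv.InstallationType
    Review = ($cv.InstallationType -ne 'Server Core')
}

# 2. Installed roles and features that are not on the baseline.
Get-WindowsFeature |
    Where-Object { $_.Installed -and $_.Name -notin $AllowedFeatures } |
    ForEach-Object {
        [pscustomobject]@{
            Check  = "Feature ($($_.FeatureType))"
            Value  = $_.Name
            Review = $true
        }
    }

# 3. The optional feature the article disables with dism (may not exist on Core).
$wmp = Get-WindowsOptionalFeature -Online -FeatureName 'WindowsMediaPlayer' -ErrorAction SilentlyContinue
if ($wmp) {
    [pscustomobject]@{
        Check  = 'WindowsMediaPlayer'
        Value  = $wmp.State
        Review = ($wmp.State -eq 'Enabled')
    }
}

# 4. Auto-start services. Heuristic (assumption): a binary outside the Windows
#    directory usually belongs to software added after installation.
Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | Sort-Object Name |
    ForEach-Object {
        [pscustomobject]@{
            Check  = 'AutoStartService'
            Value  = "$($_.Name) [$($_.State)] $($_.PathName)"
            Review = ($_.PathName -notlike "*$env:SystemRoot*")
        }
    }
```

Rows with `Review` set to `True` are candidates for removal or relocation to another server; the script changes nothing on the host.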

Microsoft advises against deploying production VMs for server applications by way of Hyper-V on Windows 10.

...