Hardening VMs on VMware ESXi/vCenter

Hello vCommunity,

Hope you are doing all great, today I wanted to share with you some tips on how to harden your VMs and avoid people to start messing around with it.

Let´s begin…

Disabling Copy & Paste between Guest OS and remote consoles by default.

Right click on the desired VM -> Edit Settings -> VM Options -> Advanced ->Configuration Paremeters -> Click on Edit Configuration.

Add the following rows:

Name	Value
`isolation.tools.copy.disable`	`true`
`isolation.tools.paste.disable`	`true`

P.D: VM needs to be powered off to make the change.

Removing unnecessary devices (CD-ROM/Floppy)

Right click on the desired VM -> Edit Settings -> Virtual Hardware – Hover the device en right click on the X to remove the device, press ok to finish.

Before removing the devices:

After removing the devices:

Limiting the number of simultaneous connections:

Right click on the desired VM -> Edit Settings -> VM Options -> VMware Remote Console -> Maximum number of sessions.

Set the number of max simultaneous connections:

Example: 1

This is the message that the other user will receive if they are trying to open this VMs console:

You can try also locking the guest OS when the last remote user disconnects.

P.D: VM needs to be powered off to make the change.

Prevent a Virtual Machine User or Process from Disconnecting Devices

Right click on the desired VM -> Edit Settings -> VM Options -> Advanced ->Configuration Paremeters -> Click on Edit Configuration.

Name	Value
isolation.device.connectable.disable	`true`
isolation.device.edit.disable	`true`

Prevent Virtual Machines from Taking Over Resources

Recommendation took from vSphere Security

1 Provision each virtual machine with just enough resources (CPU and memory) to function properly.
2 Use Shares to guarantee resources to critical virtual machines.
3 Group virtual machines with similar requirements into resource pools.
4 In each resource pool, leave Shares set to the default to ensure that each virtual machine in the pool receives approximately the same resource priority.
With this setting, a single virtual machine cannot use more than other virtual machines in the resource
pool.

Hope you enjoy this tips, do not forget to comment and share.

Jorluis

Featured

VCAP-DCV Deploy - HOL based simulator - FREE

Featured

VCAP6-DCV Deploy (3V0-623) Exam experience - Jorluis Perales

Featured

ESXi booting faster than your SAN

Featured

Loopback interfaces…. Why they are even needed?

Featured

Port Channel or EtherChannel?

Featured

Expanding an XFS File Systems using LVM in Linux

Featured

How to install and configure Squid Proxy Server on CENTOS/RHEL 7

Featured

Creating a shared folder on Linux and accessing to it from Windows

Featured

How to Change an AHV Based Nutanix Controller Virtual Machine (CVM) RAM

Featured

Adding a Nutanix Network Share as a Datastore in VMware ESXi

Featured

Configuring a HTTP Proxy in Nutanix

Featured

The easiest way to configure a persistent scratch location (ESXi)

Featured

vSphere Distributed Switch backup, why it is so important?

Featured

Creating a local linux based content library for vCenter

Featured

Creating a shared folder on Linux and accessing to it from Windows

Featured

Setting up an Active Directory domain on Windows Server 2012

Featured

How to manually find and install Windows Server hotfix – update

Featured

The easiest way to configure a persistent scratch location (ESXi)

Featured

Content Library template VM not getting the proper vSAN storage policy (default or assigned) fully applied

Featured

Cool features: Data Migration Pre-check - vSAN

Hardening VMs on VMware ESXi/vCenter

About The Author

Jorluis Perales

Related Posts

Configure BMC/iDRAC’s IP – VxRail

Troubleshooting vCenter error: 503 Service unavailable failed to connect to endpoint vpxd webserver pipe

Gathering ESXi version

Upgrading vCenter Server Appliance (VCSA) from 6.0 to 6.5

Leave a reply Cancel reply

Follow Us

Recent Posts

Categories

TAGS

Sponsors

Pin It on Pinterest