Virtual machine security settings
Virtual machine security settings
There are three basic types of security settings that you can configure for virtual machines:
- Virtual machine user account. You can define a user account under which a virtual machine will run. It always runs under this account whether you manually start the virtual machine or configure it to automatically start when Virtual Server starts. In addition, virtual machine scripts will run under this account. Therefore, for security reasons, you must define this account before you can configure scripts for a virtual machine. Scripts will run under this account rather than the account of the logged-on user, thereby avoiding a security vulnerability posed by an elevation of privilege. You must also define this account before you can configure a virtual machine to automatically start when Virtual Server starts. For more information about defining this user account as well as configuring virtual machine startup options, see Modifying general virtual machine properties.
- Virtual machine access and control. The ability for users to access and manage a virtual machine is controlled through file system discretionary access control lists (DACLs) on the virtual machine configuration and resource files. For more information about the default settings, see File system security settings for Virtual Server. For more information about configuring the settings, see Configuring virtual machine security. In addition, to allow users to log on to a virtual machine, you must add their user accounts to the guest operating system.
- VMRC connections. You can define the type of authentication to use for Virtual Machine Remote Control (VMRC) access. In addition, you can configure Secure Sockets Layer (SSL) security on VMRC connections. These settings apply globally to all VMRC connections. For more information, see Virtual Server security settings.
For more information about configuring security, see Securing Virtual Server.