To secure your virtual machines, keep the guest operating systems patched and protect your environment just as you would protect a physical machine. Consider disabling unnecessary functionality, minimize the use of the virtual machine console, and follow other best practices.

Protect the Guest Operating System

To protect your guest operating system, make sure that it uses the most recent patches and, if appropriate, anti-spyware and anti-malware programs. See the documentation from your guest operating system vendor and, potentially, other information available in books or on the Internet.

Disable Unnecessary Functionality

Check that unnecessary functionality is disabled to minimize potential points of attack. Many of the features that are used infrequently are disabled by default. Remove unnecessary hardware and disable certain features such as HFSG or copy and paste between the virtual machine and a remote console.

Use Templates and Scripted Management

Virtual machine templates allow you to set up the operating system so it meets your requirements, and to then create additional virtual machines with the same settings.

If you want to change settings after initial deployment, consider using scripts, for example, PowerCLI. This documentation explains many tasks by using the vSphere Web Client to better illustrate the process, but scripts help you keep your environment consistent. In large environments, you can group virtual machines into folders to optimize scripting.

See Use Templates to Deploy Virtual Machines. See vSphere Virtual Machine Administration for details.

Minimize Use of the Virtual Machine Console

The virtual machine console provides the same function for a virtual machine that a monitor on a physical server provides. Users with access to the virtual machine console have access to virtual machine power management and removable device connectivity controls, which might allow a malicious attack on a virtual machine.