What are the best practices for hypervisor isolation (Hyper-V)?

P

Pavel2015-07-18 17:53:15

Virtualization

Pavel, 2015-07-18 17:53:15

Good afternoon. I would like to know if there are any best practices for isolating a hypervisor in a corporate network. In particular the question of placement in the separate AD domain interests? In the infrastructure that I have adopted at my current workplace, hyper-v servers are hosted in a sub-domain of the main one, and I don’t see much point in this.
Option 3:
- leave everything as it is
- destroy the subdomain and drag the server to the main
one - raise another domain in the same (or even in another?) forest for hyper-v.
Option 2 is my favorite. How would you (do) act? Please share your experience.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

N

nApoBo3, 2015-07-18
@nApoBo3

A server in a domain is at least as secure as a server outside the domain. There are only two reasons for isolating the hypervisor, protection against compromise of the domain administrator, separation of administration responsibilities. IMHO in the first case, the attacker no longer needs a hypervisor. Those. this only makes sense if you need to hard decouple the domain administrator from the hypervisor. It is difficult for me to come up with scenarios within the same organization when
it is really necessary.

A

Anton, 2015-07-18
@Largo1

in principle, it makes no difference, it is difficult to predict the reasons that prompted such an implementation, as an option - this is due to GPO