Answer the question
In order to leave comments, you need to log in
What are the best practices for hypervisor isolation (Hyper-V)?
Good afternoon. I would like to know if there are any best practices for isolating a hypervisor in a corporate network. In particular the question of placement in the separate AD domain interests? In the infrastructure that I have adopted at my current workplace, hyper-v servers are hosted in a sub-domain of the main one, and I don’t see much point in this.
Option 3:
- leave everything as it is
- destroy the subdomain and drag the server to the main
one - raise another domain in the same (or even in another?) forest for hyper-v.
Option 2 is my favorite. How would you (do) act? Please share your experience.
Answer the question
In order to leave comments, you need to log in
A server in a domain is at least as secure as a server outside the domain. There are only two reasons for isolating the hypervisor, protection against compromise of the domain administrator, separation of administration responsibilities. IMHO in the first case, the attacker no longer needs a hypervisor. Those. this only makes sense if you need to hard decouple the domain administrator from the hypervisor. It is difficult for me to come up with scenarios within the same organization when
it is really necessary.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question