Security Recommendations When Deploying XenServer

This guide helps you design security for a virtualized XenServer environment. It includes general best practices as well as information about the following:

  • Protecting XenServer networks and storage
  • Installing and deploying XenServer securely
  • Configuring virtual machines
  • Securing virtualized storage

The recommendations and guidance in this document are not intended to be exhaustive. Unless needed for clarity, this document does not provide detailed step-by-step procedures.

Applicable Versions

This guide applies to the following versions of XenServer:

  • XenServer 8

Audience

Before reading this guide, you should have a basic knowledge of security, XenServer, and physical networking.

This guide has several audiences:

  • Security specialists
  • Systems architects
  • Administrators

This guide assumes that you are familiar with basic XenServer concepts, including XenServer installation, XenCenter, resource pools, networking, and the pool coordinator (formerly pool master). You should also ensure that you are familiar with the release notes for the version of XenServer that you install.

Finding Configuration Instructions

You can find configuration instructions in the following locations:

  • XenServer product documentation. The XenServer 8 product documentation provides overview information and command-line based instructions.
  • XenCenter product documentation. The XenCenter documentation provides UI-based step-by-step instructions using the XenCenter administration console. Users who are not comfortable with the XenServer xe commands may prefer this option.

Terminology

  • Guest Network: Guest networks carry VM traffic — the network traffic that originates or terminates from a virtual machine. These networks may also be referred to as VM networks.
  • Management Interface: The management interface is a NIC (or a VLAN on a NIC) assigned an IP address that XenServer uses for its management network, including, but not limited to, traffic between hosts, between a host and Workload Balancing, and for live migration. This is also the IP address to which management clients such as XenCenter will connect.
  • Hostile Traffic: Any network traffic that could potentially violate the confidentiality, integrity, or availability of your network or its associated systems.
  • Control Domain: A special-purpose domain (VM instance), based on a Linux kernel, that exists in a single instance on each XenServer host. The control domain is usually the only privileged domain (meaning that it can use privileged hypervisor calls, for example to map physical memory into and out of domains) on a XenServer host, and is thus the only domain that can control access to physical input/output resources directly and access the content of other domains (that is, Domain U). The control domain is also known as Domain 0 or “dom0”.
  • PV Drivers: Drivers in a guest that accelerate storage and network data paths. These are treated as part of the guest operating system, use unprivileged XenServer interfaces, and are not involved in implementing XenServer security functions.
  • The management API: The API for managing XenServer environments (that is, for remotely configuring and controlling domains running on hosts in a XenServer pool). The management API is sometimes referred to as “XenAPI”.
