Managing XenServer VMs
Managing Snapshots, Backups, and Archives
Recommendation:
We recommend that you consider whether there is potentially sensitive data on the VM before configuring VM snapshots, backups, archives, or disaster recovery. Specifically, when you create the extra copy, be aware of the storage array’s security level, its physical security, and who can access it.
We recommend, if VM snapshots include sensitive data, applying the same level of security to all aspects of the archival or backup process as you would to the VM. For example, ensure the following are secured appropriately: the storage array for the snapshots or archives and the network used to send the archives.
We recommend, when configuring scheduled VM snapshots using the CLI or backing up VMs using Disaster Recovery, carefully reviewing the RBAC roles assigned to administrators. Be aware of which administrators may be able to access the snapshots and the mirrored Disaster Recovery site.
- Any administrator assigned an RBAC role of Pool Admin, Pool Operator, or VM Power Admin can start a snapshot taken from any VM in the pool (for which they have that role).
We recommend, when backing up copies of VMs for storage, ensuring VMs containing sensitive information are backed up in a location with sufficient logical and physical security. In some cases, you may need to back up VMs containing sensitive data to a different location or configure different disaster recovery settings for sensitive VMs.
Scanning for Malware
Recommendation:
We recommend avoiding simultaneous virus scans on VMs.
Running simultaneous security scans on multiple VMs on a host can cause unnecessary spikes in resource usage. Unlike physical servers, which typically have excess resource capacity, hosts are often run at maximum VM density, so unexpected processes can potentially cause overloads – especially if features like Workload Balancing, which can balance virtual-machine loads across hosts, are not configured.
We recommend that, if supported, you configure your virus scanner to scan VMs randomly or download updates to VMs at different times. Some anti-virus applications have virtualization-aware features to help mitigate these issues.
Managing Dormant Virtual Machines
Recommendation:
We recommend either deleting dormant, inactive VMs or actively monitoring, managing, and securing them and including them in update cycles. Otherwise, they may provide easy access to the environment.
We recommend, when applying security updates, not overlooking VMs that are shut down or suspended. Failing to update any layer of software (for example, guest operating systems or workload applications) may leave security vulnerabilities unpatched.
Dormant VMs should be tracked and included in all security policies and updates.
Consider the following:
- Dormant virtual machines may contain sensitive data, such as credit card transactions or employee social-security numbers.
- Dormant VMs may not be included in the latest access policies, may not have the latest virus software, and may be inadvertently omitted from monitoring and virus updates. Consequently, organizations may believe their environments are secure when in reality they are vulnerable to known threats that they believe they have already addressed.
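One way to build the dormant-VM inventory this section asks for, as an added example that is not part of the original guide: a POSIX shell function that parses the record output of `xe vm-list` and lists VMs that are halted or suspended, skipping templates. The xe output embedded in the script is a constructed sample; on a pool master you would pipe the real `xe vm-list` output into the function instead.

```shell
# Inventory dormant (halted or suspended) VMs from xe vm-list output so they
# can be tracked, patched or deleted. Live usage on the pool master:
#   xe vm-list params=uuid,name-label,power-state,is-a-template | dormant_vms

# Constructed sample in the xe record layout (all values are made up).
SAMPLE_VM_LIST='uuid ( RO)               : 1a2b3c4d-0000-4000-8000-000000000001
      name-label ( RW)   : web-01
     power-state ( RO)   : running
   is-a-template ( RO)   : false

uuid ( RO)               : 1a2b3c4d-0000-4000-8000-000000000002
      name-label ( RW)   : legacy-payroll
     power-state ( RO)   : halted
   is-a-template ( RO)   : false

uuid ( RO)               : 1a2b3c4d-0000-4000-8000-000000000003
      name-label ( RW)   : build-agent-03
     power-state ( RO)   : suspended
   is-a-template ( RO)   : false

uuid ( RO)               : 1a2b3c4d-0000-4000-8000-000000000004
      name-label ( RW)   : debian-8-template
     power-state ( RO)   : halted
   is-a-template ( RO)   : true'

# Read xe record output on stdin; print "power-state<TAB>uuid<TAB>name-label"
# per dormant VM. Records are blank-line separated; each field line is
# "name ( flags) : value", so the key is the text before " (".
dormant_vms() {
  awk '
    function flush() {
      if (r["uuid"] != "" && r["is-a-template"] == "false" &&
          (r["power-state"] == "halted" || r["power-state"] == "suspended"))
        printf "%s\t%s\t%s\n", r["power-state"], r["uuid"], r["name-label"]
      split("", r)   # reset the record (portable array clear)
    }
    /^[[:space:]]*$/ { flush(); next }
    {
      i = index($0, ":"); if (i == 0) next
      k = substr($0, 1, i - 1); sub(/[[:space:]]*\(.*$/, "", k); sub(/^[[:space:]]+/, "", k)
      v = substr($0, i + 1);    sub(/^[[:space:]]+/, "", v);     sub(/[[:space:]]+$/, "", v)
      r[k] = v
    }
    END { flush() }'
}

# Number of dormant VMs in the constructed sample (expected: 2).
sample_dormant_count() {
  printf '%s\n' "$SAMPLE_VM_LIST" | dormant_vms | wc -l | tr -d ' '
}
```

The template is excluded because it is not a running workload to patch; the control domain always reports a running power state, so it never matches either.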
Recommendation:
Depending on the risk profile of your environment (that is, if it carries potentially dangerous or hostile traffic), we recommend that, if you must start a dormant VM that may be missing significant security updates, you start it on a network with restricted connectivity until it has a full complement of security updates.