Security for Hyper-V hosts

by Mitch Tulloch [Published on 5 June 2014 / Last Updated on 5 June 2014]

A tip about what you can do to help ensure your Hyper-V hosts are secure.

It’s important to consider the security of your Hyper-V hosts as you prepare your host deployment plan. To begin with, you should apply the same principles, processes, and practices for securing Hyper-V hosts that you would apply to any other Windows Server components within your environment. In addition to adhering to such best practices, you should also do the following:

  • Deploy the Server Core installation option on your Hyper-V hosts instead of the Server With A GUI installation option. Server Core is now the default installation option when installing Windows Server 2012 because of its smaller attack surface and reduced servicing footprint. If needed, you can still use the Hyper-V Manager snap-in to manage Server Core hosts as long as you do so from either a server that has the Server With A GUI installation option installed or from a client machine that has the Remote Server Administration Tools (RSAT) for Windows 8 installed.

  • Do not install any additional server roles on your hosts other than the Hyper-V role. Your Hyper-V hosts should be dedicated servers whose only function is to host the virtualized workloads that run on them. Installing additional roles on hosts not only uses additional server resources (processor, memory, disk, and network), but it can also increase the server’s attack surface and maintenance (updating) requirements. The exception to this is the File And Storage Services role because the role services for this role can be used for configuration storage pools for virtual machine storage. For more information on the File And Storage Services role, see the next chapter.

Mitch Tulloch is a nine-time recipient of the Microsoft Most Valuable Professional (MVP) award and a widely recognized expert on Windows administration, deployment and virtualization.  For more information see This tip was excerpted from his latest book Training Guide: Installing and Configuring Windows Server 2012 from Microsoft Press.

See Also

The Author — Mitch Tulloch

Mitch Tulloch is a well-known expert on Windows Server administration and cloud computing technologies. He has published over a thousand articles on information technology topics and has written, contributed to or been series editor for over 50 books.

Featured Links