Prevent Users from Accessing My Virtual PCs
- Hello,
I have installed on 3 virtual guests - XP,VISTA and Server 2008.
All virtual pcs can go and use the internet. Share folders are used to transfer data from one pc to another and get services from the virtual server (2008). They act like a 'Sand-Box'.
My question is, how can I block users from other PCs in my company network from accessing my virtual server or guests?
Thankis
lekfir- Changed TypeBrianEhMVP, ModeratorThursday, November 05, 2009 9:32 PM
Answers
- Once a virtual machine is booted and running, it is the same as a physical machine on your network. How would you prevent someone from using a physical machine on the network? Use the same strategy for securing a virtual machine on your network.
- Marked As Answer byVincent HuMSFT, ModeratorMonday, November 16, 2009 8:14 AM
- Edited byJohn Paul CookMVP, ModeratorFriday, November 06, 2009 4:31 PMfix typos
All Replies
- You isolate them and you require the users to authenticate. Just as you do in any network.
Requiring passwords are a great first step, expecially passwords that only you know.
Don't open your shares to "everyone"
Your only other option is to create a private subnet that only your VMs talk on - by manually assigning IP addresses. This is not done through Hyper-V but through the configuration of your VMs - it would however affect their ability to access the internet.
I assume that you are using Hyper-V and these VMs are hosted by the Hyper-V host.
Brian Ehlert (hopefully you have found this useful)- Proposed As Answer byYassine_Souabni Friday, November 06, 2009 10:42 AM
- Once a virtual machine is booted and running, it is the same as a physical machine on your network. How would you prevent someone from using a physical machine on the network? Use the same strategy for securing a virtual machine on your network.
- Marked As Answer byVincent HuMSFT, ModeratorMonday, November 16, 2009 8:14 AM
- Edited byJohn Paul CookMVP, ModeratorFriday, November 06, 2009 4:31 PMfix typos
- Thanks all,
What is the "strategy for securing a virtual machine on your network" means?
I still want those VMs to use the internet. The thing is that I don't want that other physical PCs will be abla to reach the virtual server...
Thanks!
lekfir - It was a typo, which I've fixed.
The responce that we have given is the same that we would give if your VM was a physical box.
You have a desire to prevent other physical PCs to reach the virtual server.
We consider that the term "virtual Server" refers to the VMs, not the host.
We have suggested securing the shares that you state that you have.
You require that the VMs be able to access the Internet - so physically isolating their network traffic is out.
If we have missed the point, then we need greater detail in the description of your desired outcome. The term "protect" is a pretty big one and there can be tons of suggestions that totally miss the point.
What exactly are you desiring to protect?
What actions are you attempting to block?
What is the scenario?
Brian Ehlert (hopefully you have found this useful)Hi,
We need more information about your environment and your concern, then we can perform the further research.
Once your create a virtual machine(guest), they runs just like a normal physical computer in your LAN. So what John mentioned is that you can perform the same method (you used to prevent users accessing the normal physical computers) on the virtual machines(guests)
Vincent Hu
