S 2.446 Separation of administrative tasks for virtualisation servers

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

For virtualisation infrastructures, there are other administrative tasks in computer centre operations in addition to the usual roles and administrative tasks (see S 2.38 Division of administrator roles).

The particularity of the administrator role in a virtual infrastructure is that they may potentially have very extensive power over the virtual IT systems operated in the virtual infrastructure. This includes that they

Dividing the administrator role allows mutual control of the different administrator groups in specialised computer centre operations.

Thus, administrator roles assigning a selection of rights to certain user groups in the virtual infrastructure can be defined with some virtualisation products such as Citrix XENCenter, Microsoft System Center Virtual Machine Manager or VMware vSphere. Here, certain user groups can, for example, be prevented from exporting virtual IT systems from the virtual infrastructure. Moreover, authorisations to switch on and off virtual IT systems or to generate snapshots can be granted or revoked.

It must be checked whether dividing the administrator roles is necessary for the IT system to be operated virtually. For example, this can be the case if a certain administrator group is not be granted an authorisation for the assignment of networks for a virtual IT system with higher protection requirements regarding confidentiality.

If the division of administrator roles is required, the definition of corresponding administrator roles must be used for the virtualisation infrastructure. Several virtualisation products do not offer such an option. In this case, it must be checked whether it is sufficient to only divide administrator roles organisationally, i.e. by means of a policy.

Review questions:

© Federal Office for Information Security. All rights reserved.