S 2.490 Planning the use of virtualisation using Hyper-V

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator, Head of IT, Specialists Responsible

With Hyper-V, Microsoft provides its own hypervisor-based virtualisation solution. When using Hyper-V, S 3.4 Virtualisation must always be applied to the server. Depending on the design of the virtual infrastructure, quite comprehensive dependencies may occur during the modelling phase. In addition to the virtualised servers (i.e. the guests), a virtual network infrastructure and possibly virtual active network components are also set up.

In addition to the general conditions handled in the "Virtualisation" module, system-specific decisions must be taken during the planning of a Hyper-V-based virtualisation.

Hyper-V is installed as role in Windows Server 2008. After the installation, the operating system itself runs in the hypervisor as virtual machine. Here, it "degrades" itself to a pure management console and acts as resource administration for the other virtual machines.

During the planning for Hyper-V, the protection requirements of the guest systems should be considered in particular. The protection requirements for the host system and the management instance of Windows Server 2008 are determined in accordance with the maximum and accumulation principle based on the protection requirements of the guests. Following an extension by additional guest systems, it may be necessary to subsequently adapt the protection requirements of a host system. If future extensions are already foreseeable during the planning phase, they should therefore be taken into account accordingly.

Certain features cannot be changed subsequently or can only be changed at great time and expense and must already be taken into account during the planning phase. In particular, this includes the installation as Server Core (see S 4.416 Use of Windows Server Core), which serves to reduce the number of points of attack in the event of increased protection requirements.

The installation as Server Core should only be dispensed with if it is foreseeable that no increased protection requirements will be placed on the guest systems. The disadvantages of the missing user interface are often compensated for by advantages such as lower resource utilisation, lower need for patches, lower number of points of attack and the remote administration tools for Hyper-V.

As an alternative to the installation as Server Core, it is also possible to install the Hyper-V Server 2008 R2. This option is a restricted version of Server Core, which only supports the Hyper-V role and has a changed licence model without integrated guest licences

As a Hyper-V server can depict an entire infrastructure including the network, differentiated roles should be defined for administration to ensure that individual administrators are not granted an excessively high number of rights. S 5.153 Planning the network for virtual infrastructures describes, for example, the separation of network segments on virtualised systems. An administrator of a guest system who can change the connection of the virtual network cards is able to disable network separation mechanisms (see T 3.99 Incorrect network connections of a virtualisation server). This can be avoided by planning the administration roles in a suitable manner in which the Hyper-V roles reflect the existing authorisations to the physical resources (SAN, network connections).

For the implementation of the administration roles in Hyper-V, Microsoft offers the "Authorization Manager" or "azman.msc" introduced in Windows Server 2003 and higher. Using this tool, roles can be defined using a combination of processes (e. g. Assignment of external Ethernet ports) and areas (e. g. groups of guest systems). The roles should already be specified during the planning phase.

For the virtual infrastructure, an integrated backup concept must be developed taking the system-specific aspects of Hyper-V into account. With the Hyper-V VSS Writer ("Volume Shadow Copy Service"), Hyper-V provides its own backup mechanism, which also stores metadata of the guest systems. Using this mechanism, however, requires compatibility with the backup software used.

Review questions:

• Are the protection requirements to be expected in future included in the planning for the Hyper-V virtualisation environment?
• Are the authorisation structures of the physical resources (SAN, network connections) depicted in the roles for the Hyper-V virtualisation environment?
• Is an integrated backup concept available for servers and guest systems of the Hyper-V virtualisation environment?