Securing VMotion Traffic

Another great post on the VMware Security Blog has outlined some of the best practices associated with isolating all VMotion traffic.

This was prompted by the discovery of an exploit that allows a hacker to take control of a Virtual Machine while it is mid-migration.

Here’s an overview of the main points:

  • Provide a VLAN with no endpoints other than the VMotion NICs of all associated ESX Servers
  • Tightly control user account access in VirtualCenter
  • Don’t enable Promiscuous Mode on vSwitches
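
The first and third points can be checked mechanically against an export of host network settings. The following is an added example, not code from the VMware post: the inventory layout, host names, port group names and the VLAN ID 200 are all constructed assumptions, not a VMware export format.

```python
# Added example: audit a constructed host inventory against two of the points
# above (dedicated VMotion VLAN, no promiscuous vSwitches).
# The data layout and every name/ID below are hypothetical.

VMOTION_VLAN = 200  # assumed ID of the VLAN dedicated to VMotion

INVENTORY = {  # constructed sample data
    "esx01": {
        "vswitches": {"vSwitch0": {"promiscuous": False},
                      "vSwitch1": {"promiscuous": False}},
        "portgroups": [
            {"name": "VM Network", "vlan": 10, "vmotion": False},
            {"name": "VMotion", "vlan": 200, "vmotion": True},
        ],
    },
    "esx02": {
        "vswitches": {"vSwitch0": {"promiscuous": False},
                      "vSwitch1": {"promiscuous": True}},
        "portgroups": [
            {"name": "VMotion", "vlan": 200, "vmotion": True},
            {"name": "Backup", "vlan": 200, "vmotion": False},
        ],
    },
    "esx03": {
        "vswitches": {"vSwitch0": {"promiscuous": False}},
        "portgroups": [{"name": "VMotion", "vlan": 10, "vmotion": True}],
    },
}

def audit(inventory, vmotion_vlan):
    """Return (host, object, problem) tuples for every violation found."""
    findings = []
    for host, cfg in sorted(inventory.items()):
        for name, vswitch in sorted(cfg["vswitches"].items()):
            if vswitch["promiscuous"]:
                findings.append((host, name, "promiscuous mode enabled"))
        for pg in cfg["portgroups"]:
            on_vmotion_vlan = pg["vlan"] == vmotion_vlan
            if on_vmotion_vlan and not pg["vmotion"]:
                findings.append((host, pg["name"], "non-VMotion endpoint on VMotion VLAN"))
            if pg["vmotion"] and not on_vmotion_vlan:
                findings.append((host, pg["name"], "VMotion NIC not on the VMotion VLAN"))
    return findings

if __name__ == "__main__":
    for host, obj, problem in audit(INVENTORY, VMOTION_VLAN):
        print(f"{host}: {obj}: {problem}")
```
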

If you would like to read the whole article, you can do so by clicking here.
