Forum Discussion
Best Practice for secure HyperV configuration
Our design and deployment teams were having a debate on the most secure way to deploy HyperV, particularly with respect to Ransomware attacks and protecting from encryption. There seems to be two...
To keep it as short as possible, here my 2 cents:
- Seperate infrastructure forest for fabric components (storage / compute)
- Use bastion jump servers for fabric admins, do not allow administrative access from client networks / admin PCs
- Dedicated management vlan for parent partition
- Make intra-cluster communication vlans, dedicated and private (not routed)
- Use server core or nano edition to keep layer-8 issues away as much as possible. A hyper-v host with GUI is not safe at all
- Use host firewall
- User PowerShell DSC / GPOs to prevent configuration drifts
Cheers,
Michael