5 VMware Virtual Machine Security Best Practices for MSPs

December 15, 2021 Melanie Purkis

Are you using VMware today or moving to Hosted VMware and unsure what security best practices you need to follow?

VMware is a powerful virtualization platform that can help increase your managed service business's bottom line. With VMware, you can simplify and reduce the cost of deploying and managing the applications on your servers. 

When clients need infrastructure and applications like enterprise resource planning (ERP) systems and data appliances, VMware provides best-in-class environments without compromising performance or security. Your clients can receive better performance, better support, and an overall technology experience if your managed service provider (MSP) is leveraging the benefits of VMware on their behalf.

VMware Security Out of the Box

VMware's security features, mature technology, and ease of use make it a staple for MSPs looking to protect their clients' workloads from different types of attacks.

VMware provides security for all its workloads and has many layers of protection. The most basic level of protection starts at the hypervisor level and spans to the virtual machine (VM) layer. 

VMware virtual machines are also compatible with several external and third-party security services. For example, popular tools like Microsoft's Active Directory are compatible with VMware. In addition, disk-level encryption technology like BitLocker can also be utilized with VMware. 

The most common attack on virtual machines is VM escape, where malware gets between the hardware, hypervisor, and guest operating system to destroy data. VMware mitigates this risk by building in protections such as isolation through segregating your networks or running your environment in a different location than your production network, so attacks will not be able to cross the boundaries.

VMware also is a leader in reducing the risk of DDoS attacks by integrating security directly into its products so you can implement it quickly without having to integrate third-party products or applications yourself. 

Configuring VMware with your firewall will help provide additional protection from being breached and allow for management through one console rather than through multiple products.

An MSP's Role in Securing VMware Workloads

However, as with any new technology, there are risks to be aware of. Despite being enterprise-grade software available to businesses of all sizes, VMware needs proper care and support for you and your clients to recognize the most significant benefits. 

One such place where extra attention is necessary? Security. As with all applications and infrastructure, security is of paramount importance.

The good news is that VMware does not have to be complicated or difficult to secure. In addition to the native security explained above, some straightforward best practices will help lock down your VMware workloads. 

This post will discuss five security best practices for VMware workloads - including what they are and how to secure them.

5 VMware Security Best Practices

A digital tablet with a digital overlay showing lines and graphs with a businessman holding and dragging on the tablet.

1. Antivirus for Your Infrastructure

The first security best practice is to ensure that your VMware infrastructure has an antivirus solution in place. While it may seem counterintuitive to have both an antivirus and a virtualization platform, the reality is that there are security risks with either option alone. By using both options together, you can bolster defenses against malware attacks within your environment.

2. Antivirus for Individual VMs

To protect against malware that may already be on your virtual machines, you should run the latest version of an antivirus solution in each VM. Unfortunately, many people do not realize that virtual machines operate apart from the core OS. That's the point of virtualization, after all. 

Would-be hackers and data thieves may try to infect the underlying hardware or the VMware virtual machines. Therefore, deploying antivirus software in both places is simply the best practice to follow and can provide robust VMware security protection.

3. Secure Data at Rest

Understand what is running within your VMware infrastructure and take steps for protecting data at rest. This would include encrypting hard drives or any other place where unencrypted sensitive information might be stored. 

While protecting data at rest is a commonly known best practice in IT security, it can get a little confusing to understand and separate those protections in individual virtual machines versus addressing hard drives and infrastructure as a whole. 

Take great care to locate where data resides, virtual or otherwise, and take necessary precautions to protect it at rest.

4. Apply All Patches in a Timely Manner

You should check that your VMware security is up-to-date and running with the latest patches installed. The hard work you do to provide security to your clients can be undone in an instant if a zero-day vulnerability in a VM remains unprotected.

By virtue of using such a popular and robust system like VMware, you are increasing your clients' risk profile. VMware is a popular target of hackers. There will be attempts to exploit any vulnerability detected in VMware. 

The best way to address these core vulnerabilities is to take VMware's guidance on what patches to use and when to use them.

5. Back Up Data on a Regular Basis

Regularly back up critical data in case of corruption or disaster recovery purposes. Regular backups - stored in a different location, of course - are highly recommended for any application or data store. That certainly applies to VMware deployments and workloads as well.

In technology, unexpected negative things happen often. Someone trips over a power cable at the data center. A motherboard melts down. A corrupt file or application spins out of control. 

Having a complete backup of an environment can turn an interruption event into a bad day instead of an extinction event. The key is proper VMware support and a complete and uncorrupted backup.

Give Clients Peace of Mind by Securing Your VMware Workloads

VMware is a powerful platform that can help your MSP grow its business and provide better customer service. To properly secure VMware workloads, you'll need to have an antivirus solution in place on each virtual machine, as well as keep security patches up-to-date across the entire infrastructure. Additionally, you'll want to encrypt any sensitive data at rest and regularly back up your virtual machines. By following these best practices, along with the other resources in this blog post, you can keep VMware workloads safe from security threats.

Still not sure how VMware fits into the offerings of your MSP? Eager to learn more about how VMware can help your clients achieve an even greater return on their investment with your firm? Connect with one of the Most Helpful Humans in Hosting and get the most out of VMware.

About the Author

Melanie Purkis

Melanie Purkis is the Director of Liquid Web's Managed Hosting Products & Services. Melanie has more than 25 years of experience with professional leadership, project management, process development, and technical support experience in the IT industry.

More Content by Melanie Purkis
Previous Article
Meet a Helpful Human – Chika Ibeneme
Meet a Helpful Human – Chika Ibeneme

Chika Ibeneme on the stellar culture at Liquid Web, supporting customers, and becoming a Microsoft Hackatho...

Next Article
Top 15 Most Common Security Issues and How to Fix Them
Top 15 Most Common Security Issues and How to Fix Them

Here are the top 15 common web security issues businesses face and what you can do. From DDoS attacks to da...