VMware

Understanding Security in a Virtualized Environment

VMware offers the most secure and robust virtualization software available, and has both the technology and the processes to ensure that this high standard is maintained in all current and future products. Here are just a few reasons why you can trust the security of VMware software:

Secure architecture and design: VMware offers a secure platform for virtualization that controls virtual machine access to the CPU, RAM and other hardware resources
Virtual machine isolation and containment: VMware virtual machines are completely isolated from each other, as well as from their underlying hardware
Third-party validation of security standards: VMware has validated the security of our software against standards set by Common Criteria, NIST and other organizations
Production-proven technology: More than 100,000 customers—including all of the Fortune 100—trust VMware to virtualize their mission-critical applications

Hosted vs. Bare-Metal Virtualization

Many misconceptions about the security of virtualization arise out of confusion between two common approaches to virtualization: "hosted" and "bare-metal. Hosted virtualization software runs as an application or "guest" on top of a general-purpose operating system, whereas bare-metal virtualization interfaces directly with the computer hardware, without the need for a host operating system. The table below describes common security issues and the differences in how they affect hosted and bare-metal virtualization platforms.

Issue	Hosted	Bare-Metal
Vulnerability of the underlying operating system	Hosted virtualization products run on general-purpose operating systems, and are therefore susceptible to all the vulnerabilities and attacks that are prevalent on such systems.	VMware bare-metal virtualization is built around the “VMkernel”, a special-purpose microkernel that has a much smaller attack surface than a general-purpose operating system. VMware bare-metal virtualization also utilizes a Linux-like Service Console, but it runs in an isolated context and can be totally separated from all external network traffic.
Sharing of files and data between the guest and the host	Most hosted virtualization products provide methods to share user information from the guest to the host (shared folders, clipboards, etc). Although convenient, these are vulnerable to data leakage and malicious code intrusion.	Since the VMkernel and Service Console are designed specifically for virtualization, there is no mechanism or need to share user information between virtual machines and their host.
Resource allocation	Hosted virtualization products run as applications in the process space of the host OS. They are at the mercy of the host OS.	VMware bare-metal virtualization allocates resource intelligently while isolating virtual machines from underlying hardware components.

Thin Virtualization: Strong Security in a Small Package

"Thin" virtualization, found in software such as VMware ESXi 3.5, is the next step in virtualization, dramatically strengthening security and manageability. Here are some of the benefits to security made possible by this next-generation approach to virtualization:

Reduced size makes the attack surface much smaller, and reduces the potential for vulnerabilities
Independence from a parent partition or console based on a general-purpose OS means far fewer interfaces to exploit and less malware threats
Unstructured, console-based interaction for administration is replaced by authenticated and audited interfaces such as the VI Client and the Remote CLI

Take the Next Step

Visit the VMware Security Center to stay up-to-date on all current security issues or visit the VMware Virtual Appliance Marketplace to find certified virtual security appliances.

Home > Technology > Technology Resource Centers > Security > Security Basics

Security Center

Stay up-to-date on all current security issues, and to understand considerations related to securing your virtual infrastructure.

Visit the Security Center

Security Blog

Learn about securing your virtualized environments at the VMware Security Blog.

Read Now

Worldwide
- Deutsch
- English
- Español (Latin)
- Français
- 日本語
- 한국어
- Português
- Schweiz
- 简体中文
- 繁體中文