Architecting a vSphere Compute Platform : Designing Host Security for Multitenanted Clouds
   
Designing Host Security for Multitenanted Clouds
The hypervisor is the construct underlying the integrity of the tenant’s virtual machines. Protecting it effectively is of the utmost importance. Any compromise of the hypervisor could seriously affect the virtual machines it hosts, leading to performance issues, data corruption, data loss, or even data exposure. In addition, because these attacks can occur below the guest operating system, they can be challenging to detect and have a much larger impact.
For instance, the effect of a Denial of Service (DoS) attack against an ESXi host is magnified because it affects every virtual machine running on that host. On a classic physical server, a DoS attack that monopolizes the system’s CPUs affects only that server. In a virtual infrastructure, the same attack against an ESXi host starves the physical CPUs, and with them every virtual machine that hypervisor schedules. If the host is also part of a vSphere cluster, and vSphere DRS or HA relocates virtual machines in response to the resulting contention or host failure, the load spreads to the other hosts, and in turn to every virtual machine in the cluster, leading to serious performance degradation across the entire infrastructure.
The next consideration is protection of the virtual machines themselves. Protecting the hypervisor alone is not enough: each virtual machine must be secured in the same way as a classic physical server. In a vSphere infrastructure, virtual machines are isolated in the sense that each guest runs as a separate instance on top of its own VMM, but they still communicate with one another over the network, exactly as physical hosts do. Traditional controls such as physical firewalls have limited effectiveness here, because traffic between two virtual machines on the same host passes through that host’s virtual switch and never reaches the physical network where the firewall sits. VMware NSX, whose distributed firewall is enforced in the hypervisor at the virtual NIC of each virtual machine, mitigates many of these risks.
In the following sections, we address some of the security measures that can provide protection on complex service-provider, multitenanted platforms.