部署4HyperV 安全解决方案加速器指南.docx
- 文档编号:17660137
- 上传时间:2023-04-24
- 格式:DOCX
- 页数:49
- 大小:850.11KB
部署4HyperV 安全解决方案加速器指南.docx
《部署4HyperV 安全解决方案加速器指南.docx》由会员分享,可在线阅读,更多相关《部署4HyperV 安全解决方案加速器指南.docx(49页珍藏版)》请在冰豆网上搜索。
部署4HyperV安全解决方案加速器指南
Hyper-V™SecurityGuide
Version1.0
Published:
March2009
Forthelatestinformation,pleasesee
Copyright©2009MicrosoftCorporation.Allrightsreserved.Complyingwiththeapplicablecopyrightlawsisyourresponsibility.Byusingorprovidingfeedbackonthisdocumentation,youagreetothelicenseagreementbelow.
Ifyouareusingthisdocumentationsolelyfornon-commercialpurposesinternallywithinYOURcompanyororganization,thenthisdocumentationislicensedtoyouundertheCreativeCommonsAttribution-NonCommercialLicense.Toviewacopyofthislicense,visithttp:
//creativecommons.org/licenses/by-nc/2.5/orsendalettertoCreativeCommons,543HowardStreet,5thFloor,SanFrancisco,California,94105,USA.
Thisdocumentationisprovidedtoyouforinformationalpurposesonly,andisprovidedtoyouentirely"ASIS".YouruseofthedocumentationcannotbeunderstoodassubstitutingforcustomizedserviceandinformationthatmightbedevelopedbyMicrosoftCorporationforaparticularuserbaseduponthatuser’sparticularenvironment.Totheextentpermittedbylaw,MICROSOFTMAKESNOWARRANTYOFANYKIND,DISCLAIMSALLEXPRESS,IMPLIEDANDSTATUTORYWARRANTIES,ANDASSUMESNOLIABILITYTOYOUFORANYDAMAGESOFANYTYPEINCONNECTIONWITHTHESEMATERIALSORANYINTELLECTUALPROPERTYINTHEM.
Microsoftmayhavepatents,patentapplications,trademarks,orotherintellectualpropertyrightscoveringsubjectmatterwithinthisdocumentation.ExceptasprovidedinaseparateagreementfromMicrosoft,youruseofthisdocumentdoesnotgiveyouanylicensetothesepatents,trademarksorotherintellectualproperty.
Informationinthisdocument,includingURLandotherInternetWebsitereferences,issubjecttochangewithoutnotice.Unlessotherwisenoted,theexamplecompanies,organizations,products,domainnames,e-mailaddresses,logos,people,placesandeventsdepictedhereinarefictitious.
Microsoft,ActiveDirectory,BitLocker,Hyper-V,Windows,WindowsServer,andWindowsVistaareeitherregisteredtrademarksortrademarksofMicrosoftCorporationintheUnitedStatesand/orothercountries.
Thenamesofactualcompaniesandproductsmentionedhereinmaybethetrademarksoftheirrespectiveowners.
YouhavenoobligationtogiveMicrosoftanysuggestions,commentsorotherfeedback("Feedback")relatingtothedocumentation.However,ifyoudoprovideanyFeedbacktoMicrosoftthenyouprovidetoMicrosoft,withoutcharge,therighttouse,shareandcommercializeyourFeedbackinanywayandforanypurpose.Youalsogivetothirdparties,withoutcharge,anypatentrightsneededfortheirproducts,technologiesandservicestouseorinterfacewithanyspecificpartsofaMicrosoftsoftwareorservicethatincludestheFeedback.YouwillnotgiveFeedbackthatissubjecttoalicensethatrequiresMicrosofttolicenseitssoftwareordocumentationtothirdpartiesbecauseweincludeyourFeedbackinthem.
Contents
Overview
WelcometotheHyper-V™SecurityGuide.ThisguideprovidesinstructionsandrecommendationstohelpstrengthenthesecurityofcomputersrunningtheHyper-VroleonWindowsServer® 2008.
Microsoftengineeringteams,consultants,supportengineers,partners,andcustomershavereviewedandapprovedthisprescriptiveguidancetomakeit:
∙Proven.Basedonfieldexperience.
∙Authoritative.Offersthebestadviceavailable.
∙Accurate.Technicallyvalidatedandtested.
∙Actionable.Providesthestepstosuccess.
∙Relevant.Addressesreal-worldsecurityconcerns.
MicrosofthaspublishedsecurityguidesforWindowsServer2008andWindowsServer 2003.ThisguidereferencessignificantnewcapabilitiesandsecurityenhancementsinWindowsServer 2008.TheguidewasdevelopedandtestedwithcomputersrunningtheHyper-VroleonWindowsServer 2008thatwerejoinedtoadomainthatusesActiveDirectory®DomainServices(AD DS).
AsHyper-Vcontinuestoevolvethroughfuturereleases,youcanexpectupdatedversionsofthisguidancetoincludemoresecurityrecommendations.SolutionAcceleratorsarealsoavailabletoassistyouwiththedeploymentandoperationofWindowsServer 2008aswellasotherMicrosofttechnologies.Formoreinformationaboutallavailableaccelerators,visitSolutionAcceleratorsonMicrosoft®TechNet.
WhoShouldReadThisGuide
TheHyper-VSecurityGuideisprimarilyforITprofessionals,securityprofessionals,systemsarchitects,computerengineers,andotherITconsultantswhoplanapplicationorinfrastructuredevelopmentanddeploymentsofWindowsServer 2008forserversinanenterpriseenvironment.Theguideisnotintendedforhomeusers.Thisguideisforindividualswhosejobsmayincludeoneormoreofthefollowingroles:
∙Securityprofessional.Individualsinthisrolefocusonhowtoprovidesecurityacrosscomputingplatformswithinanorganization.Securityprofessionalsrequireareliablereferenceguidethataddressesthesecurityneedsofallsegmentsoftheirorganizationsandalsooffersprovenmethodstoimplementsecuritycountermeasures.Theyidentifysecurityfeaturesandsettings,andthenproviderecommendationsonhowtheircustomerscanmosteffectivelyusetheminhighriskenvironments.
∙IToperations,helpdesk,anddeploymentstaff.Individualsinalloftheserolestroubleshootsecurityissuesaswellasapplicationinstallation,configuration,usability,andmanageabilityissues.Theymonitorthesetypesofissuestodefinemeasurablesecurityimprovementswithminimalimpactoncriticalbusinessapplications.IndividualsinIToperationsfocusonintegratingsecurityandcontrollingchangeinthedeploymentprocess,anddeploymentpersonnelfocusonadministeringsecurityupdatesquickly.
∙Systemsarchitectandplanner.Individualsinthisroledrivethearchitectureeffortsforcomputersystemsintheirorganizations.
∙Consultant.Individualsinthisroleareawareofsecurityscenariosthatspanallthebusinesslevelsofanorganization.ITconsultantsfrombothMicrosoftServicesandpartnerstakeadvantageofknowledgetransfertoolsforenterprisecustomersandpartners.
SkillsandReadiness
Thefollowingknowledgeandskillsarerequiredforconsultants,operations,helpdeskanddeploymentstaff,andsecurityprofessionalswhodevelop,deploy,andsecureserversystemsrunningWindowsServer 2008inanenterpriseorganization:
∙MCSEonMicrosoftWindowsServer 2003oralatercertificationandtwoormoreyearsofsecurity-relatedexperience,orequivalentknowledge.
∙ExperienceusingHyper-VManagerandSystemCenterVirtualMachineManager2008(VMM2008).
∙Detailedknowledgeoftheorganization’sdomainandActiveDirectoryenvironments.
∙ExperienceintheadministrationofGroupPolicyusingtheGroupPolicyManagementConsole(GPMC),whichprovidesasinglesolutionformanagingallGroupPolicy–relatedtasks.
∙ExperienceusingmanagementtoolsincludingMicrosoftManagementConsole(MMC),Gpupdate,andGpresult.
∙ExperienceusingtheSecurityConfigurationWizard(SCW).
∙Experiencedeployingapplicationsandservercomputersinenterpriseenvironments.
ChapterSummaries
ThisreleaseoftheHyper-VSecurityGuideconsistsofthisOverviewandthreechaptersthatdiscussmethodsandbestpracticesthatwillhelpyousecureyourHyper-Venvironment.Briefdescriptionsfollowforeachchapter.
Overview
Theoverviewstatesthepurposeandscopeoftheguide,definestheguideaudience,anddescribestheguide'sstructuretohelpyoulocatetheinformationthatisrelevanttoyou.Italsodescribestheuserprerequisitesfortheguidance.
Chapter1:
HardeningHyper-V
ThischapterprovidesprescriptiveguidanceforhardeningtheHyper-Vrole.ItdiscussesseveralbestpracticesforinstallingandconfiguringHyper-VonWindowsServer2008serverwithafocusonsecurity.ThesebestpracticesincludemeasuresforreducingtheattacksurfaceofaserverrunningHyper-VandrecommendationsforproperlyconfiguringsecurenetworkandstoragedevicesonaserverrunningHyper-V.
Chapter2:
DelegatingVirtualMachineManagement
Thischapterdiscussesseveralavailablemethodsfordelegatingvirtualmachinemanagementsothatvirtualmachineadministratorsonlyhavetheminimumpermissionstheyrequire.Itdescribescommondelegationscenarios,andincludesdetailedstepstoguideyouthroughusingAuthorizationManager(AzMan)andSystemCenterVMM2008toseparatevirtualmachineadministratorsfromvirtualizationhostadministrators.
Chapter3:
ProtectingVirtualMachines
Thischapterprovidesprescriptiveguidanceforsecuringvirtualmachineresources.Itdiscussesbestpracticesandincludesdetailedstepsforprotectingvirtualmachinesbyusingacombinationoffilesystempermissions,encryption,andauditing.Alsoincludedareresourcesforhardeningandupdatingtheoperatingsysteminstancesrunningwithinyourvirtualmachines.
StyleConventions
Thisguidanceusesthestyleconventionsthataredescribedinthefollowingtable.
Element
Meaning
Boldfont
Signifiescharacterstypedexactlyasshown,includingcommands,switches,andfilenames.Userinterfaceelementsalsoappearinbold.
Italicfont
Titlesofbooksandothersubstantialpublicationsappearinitalic.
Placeholderssetinitalicandanglebrackets
Monospacefont
Definescodeandscriptsamples.
Note
Alertsthereadertosupplementaryinformation.
Important
Alertsthereadertoessentialsupplementaryinformation.
MoreInformation
ThefollowingresourcesprovideadditionalinformationaboutsecuritytopicsanddetaileddiscussionoftheconceptsandsecurityprescriptionsinthisguideonM:
∙Hyper-VP
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 部署4HyperV 安全解决方案加速器指南 部署 HyperV 安全 解决方案 加速器 指南
![提示](https://static.bdocx.com/images/bang_tan.gif)