From VMware ESXi Version 5 Virtual Machine Security Technical Implementation Guide
Part of ESXi5-200
Associated with: CCI-000366
By default, all virtual machines on an ESXi host share the resources equally. By using the resource management capabilities of ESXi, such as shares and limits, you can control the server resources that a virtual machine consumes. You can use this mechanism to prevent a denial of service that causes one virtual machine to consume so much of the host's resources that other virtual machines on the same host cannot perform their intended functions.
Virtual machines (VMs) that have a greater risk of being exploited or attacked, or that run applications known to potentially consume resources must be constrained. From the vSphere Client/vCenter, select the Datacenter/host. Right-click the VM, select Edit Settings to check the virtual machine's memory and/or CPU shares, limits, and/or reservation(s). Appropriate values must be set for memory, CPU, advanced CPU, and disk variables. Care must be taken to ensure that the settings do not hamper dynamic resource allocation and management proper to virtualization systems. If any host VMs do not have share, limit, and/or reservation setpoints initialized, as appropriate to their respective levels of the risk of exploit or attack, this is a finding.
From the vCenter client, select the Datacenter/host. Right-click the VM, then select Edit Settings to configure the virtual machine's memory and/or CPU limits, shares, and/or reservation(s). Appropriate values must be set for memory, CPU, advanced CPU, and disk variables. With the appropriate (site-specific) level selected for the VM, select the OK button to save any change(s).
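The check above can be run over an exported inventory instead of opening each VM's Edit Settings dialog. The following is an added example, not part of the STIG: it lists, for each VM a site has designated higher risk, which of CPU and memory are still at the untouched defaults (normal shares, no reservation, no limit). The field names follow the vSphere API `ResourceAllocationInfo` object; the `high_risk` flag, the VM names and all values are constructed assumptions, and whether a non-default value is appropriate remains a site-specific judgment.

```python
# Added example: inventory records below are constructed, not from a real host.
from dataclasses import dataclass

UNLIMITED = -1  # vSphere API convention: a limit of -1 means no fixed limit


@dataclass(frozen=True)
class Allocation:
    """One resource's setpoints, after the vSphere API ResourceAllocationInfo."""
    shares_level: str  # "low", "normal", "high" or "custom"
    reservation: int   # MHz for CPU, MB for memory
    limit: int         # MHz or MB; UNLIMITED when no cap is set

    def is_default(self) -> bool:
        # Defaults: normal shares, nothing reserved, no cap.
        return (self.shares_level == "normal"
                and self.reservation == 0
                and self.limit == UNLIMITED)


def audit(vms):
    """Return {vm_name: [resources still at defaults]} for higher-risk VMs."""
    findings = {}
    for vm in vms:
        if not vm["high_risk"]:  # hypothetical site-assigned designation
            continue
        untouched = [r for r in ("cpu", "memory") if vm[r].is_default()]
        if untouched:
            findings[vm["name"]] = untouched
    return findings


DEFAULT = Allocation("normal", 0, UNLIMITED)

# Constructed sample inventory.
INVENTORY = [
    {"name": "dmz-web01", "high_risk": True,
     "cpu": DEFAULT, "memory": DEFAULT},
    {"name": "dmz-ftp01", "high_risk": True,
     "cpu": Allocation("low", 0, 2000), "memory": DEFAULT},
    {"name": "dmz-proxy01", "high_risk": True,
     "cpu": Allocation("low", 0, 2000), "memory": Allocation("normal", 0, 4096)},
    {"name": "int-db01", "high_risk": False,
     "cpu": DEFAULT, "memory": DEFAULT},
]

if __name__ == "__main__":
    for name, resources in audit(INVENTORY).items():
        print(f"{name}: review setpoints for {', '.join(resources)}")
```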