The virtual machine console provides the same function for a virtual machine that a monitor on a physical server provides. Users with access to the virtual machine console have access to virtual machine power management and removable device connectivity controls, which might allow a malicious attack on a virtual machine.
- Use native remote management services, such as terminal services and SSH, to interact with virtual machines.
Grant access to the virtual machine console only when necessary.
- Limit the connections to the console to as few connections as necessary.
For example, in a highly secure environment, limit the connection to one. In some environments, you can increase that limit depending on how many concurrent connections are necessary to accomplish normal tasks.