The virtual machine console provides the same function for a virtual machine that a monitor on a physical server provides. Users with access to the virtual machine console have access to virtual machine power management and removable device connectivity controls, which might allow a malicious attack on a virtual machine.

Procedure

  1. Use native remote management services, such as terminal services and SSH, to interact with virtual machines.

    Grant access to the virtual machine console only when necessary.

  2. Limit the connections to the console to as few connections as necessary.

    For example, in a highly secure environment, limit the connection to one. In some environments, you can increase that limit depending on how many concurrent connections are necessary to accomplish normal tasks.