The virtual machine console provides the same function for a virtual machine that a monitor provides on a physical server. Users with access to the virtual machine console have access to virtual machine power management and removable device connectivity controls. Console access might therefore allow a malicious attack on a virtual machine.
Procedure
- Use native remote management services, such as terminal services and SSH, to interact with virtual machines.
Grant access to the virtual machine console only when necessary.
- Limit the connections to the console.
For example, in a highly secure environment, limit the connection to one. In some environments, you can increase the limit if several concurrent connections are necessary to accomplish normal tasks.
