The virtual machine console provides the same function for a virtual machine that a monitor provides on a physical server. Users with access to the virtual machine console have access to virtual machine power management and removable device connectivity controls. Console access might therefore allow a malicious attack on a virtual machine.

Procedure

  1. Use native remote management services, such as terminal services and SSH, to interact with virtual machines.
    Grant access to the virtual machine console only when necessary.
  2. Limit the connections to the console.
    For example, in a highly secure environment, limit the connection to one. In some environments, you can increase the limit if several concurrent connections are necessary to accomplish normal tasks.