The guest operating system that runs in the virtual machine is subject to the same security risks as a physical system. Secure virtual machines just like physical machines, and follow best practices discussed in this document and in the Security Configuration Guide (formerly known as the Hardening Guide).

Enable or Disable UEFI Secure Boot for a Virtual Machine
UEFI Secure Boot is a security standard that helps ensure that your PC boots using only software that is trusted by the PC manufacturer. For certain virtual machine hardware versions and operating systems, you can enable secure boot just as you can for a physical machine.

Limit Informational Messages from Virtual Machines to VMX Files
Limit informational messages from the virtual machine to the VMX file to avoid filling the datastore and causing a Denial of Service (DoS). A DoS can occur when you do not control the size of a virtual machine's VMX file and the amount of information exceeds datastore capacity.

Prevent Virtual Disk Shrinking
Nonadministrative users in the guest operating system can shrink virtual disks. Shrinking a virtual disk reclaims the disk's unused space. However, if you shrink a virtual disk repeatedly, the disk can become unavailable and cause a denial of service. To prevent this, disable the ability to shrink virtual disks.

Virtual Machine Security Best Practices
Following virtual machine security best practices helps ensure the integrity of your vSphere deployment.

Securing Virtual Machines with Intel Software Guard Extensions
vSphere enables you to configure Virtual Intel® Software Guard Extensions (vSGX) for virtual machines. Using vSGX enables you to provide additional security to your workloads.