To secure your virtual machines, keep the guest operating systems patched and protect your virtual environment just as you protect your physical machines. Consider deactivating unnecessary functionality, minimizing the use of the virtual machine console, and following other best practices.

Protect the Guest Operating System

To protect your guest operating system, make sure that it uses the most recent patches and, if appropriate, anti-spyware and anti-malware applications. See the documentation from your guest operating system vendor and, potentially, other information available in books or on the Internet for that operating system.

Deactivate Unnecessary Virtual Machine Functionality

Check that unnecessary functionality is deactivated to minimize potential points of attack. Many of the features that are used infrequently are deactivated by default. Remove unnecessary hardware and deactivate certain features such as host-guest filesystem (HGFS) or copy and paste between the virtual machine and a remote console.

See Deactivate Unnecessary Functions Inside Virtual Machines.

Use Virtual Machine Templates and Scripted Management

Virtual machine templates enable you to set up the operating system so that it meets your requirements, and to create other virtual machines with the same settings.

If you want to change virtual machine settings after initial deployment, consider using PowerCLI scripts. For the most part, this documentation explains how to perform tasks using the vSphere Client. Consider using scripts instead of the vSphere Client to keep your environment consistent. In large environments, you can group virtual machines into folders to optimize scripting.

For information on templates, see Use Templates to Deploy Virtual Machines and the vSphere Virtual Machine Administration documentation. For information on PowerCLI, see the VMware PowerCLI documentation.
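The following PowerCLI sketch illustrates scripted management of a folder of virtual machines: it reports, and can optionally correct, the copy, paste, and HGFS isolation settings discussed above. It is an added example, not code from the VMware documentation. It assumes an existing Connect-VIServer session; the function name Test-VMIsolationBaseline and the folder name Production-Web are hypothetical, and the three baseline keys are the advanced settings commonly used for these features.

```powershell
# Added example. Assumes you are already connected with Connect-VIServer.
# Baseline: copy and paste to the remote console and HGFS all deactivated.
$Baseline = [ordered]@{
    'isolation.tools.copy.disable'          = 'true'
    'isolation.tools.paste.disable'         = 'true'
    'isolation.tools.hgfsServerSet.disable' = 'true'
}

function Test-VMIsolationBaseline {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$FolderName,   # VM folder to audit
        [switch]$Remediate                           # write the baseline where it differs
    )
    foreach ($vm in (Get-Folder -Name $FolderName -Type VM | Get-VM)) {
        foreach ($name in $Baseline.Keys) {
            $current = Get-AdvancedSetting -Entity $vm -Name $name
            # No entry means the VM relies on the product default; report it as unset.
            $value = if ($current) { [string]$current.Value } else { '<unset>' }
            $compliant = $value -eq $Baseline[$name]   # string -eq ignores case
            $changed = $false
            if (-not $compliant -and $Remediate -and
                $PSCmdlet.ShouldProcess($vm.Name, "Set $name to $($Baseline[$name])")) {
                # -Force overwrites an existing entry instead of failing on a duplicate.
                New-AdvancedSetting -Entity $vm -Name $name -Value $Baseline[$name] `
                    -Force -Confirm:$false | Out-Null
                $changed = $true
            }
            [pscustomobject]@{
                VM         = $vm.Name
                Setting    = $name
                Found      = $value       # value seen before any change
                Compliant  = $compliant   # state before any change
                Remediated = $changed
            }
        }
    }
}

# Report drift only (hypothetical folder name):
Test-VMIsolationBaseline -FolderName 'Production-Web' |
    Where-Object { -not $_.Compliant } | Format-Table -AutoSize

# Preview what remediation would change without writing anything:
# Test-VMIsolationBaseline -FolderName 'Production-Web' -Remediate -WhatIf
```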

Minimize Use of the Virtual Machine Console

The virtual machine console provides the same function for a virtual machine that a monitor on a physical server provides. Users with access to a virtual machine console have access to virtual machine power management and to removable device connectivity controls. As a result, virtual machine console access might allow a malicious attack on a virtual machine.

Consider UEFI Secure Boot for Virtual Machines

You can configure your virtual machines to use UEFI boot. If the operating system supports secure UEFI boot, you can select that option for your virtual machines for additional security. See Activate or Deactivate UEFI Secure Boot for a Virtual Machine.