1.2 General Oracle VM Security Principles

1.2.1 Keep Software Up-to-Date
1.2.2 Restrict Network Access to Critical Services
1.2.3 Follow the Principle of Least Privilege
1.2.4 Monitor System Activity
1.2.5 Stay Up-to-Date on Latest Security Information

The following principles are fundamental to using any application securely.

1.2.1 Keep Software Up-to-Date

One of the principles of good security practice is to keep all software versions and patches up-to-date. Throughout this document, we assume that you are installing the necessary security patches and package updates on the Oracle Linux host running Oracle VM Manager, as well as the Oracle VM Servers in your environment. It is recommended that you:

  • Register your Oracle VM Manager host with the Unbreakable Linux Network (ULN). See Unbreakable Linux Network for information on using ULN.

  • For x86-based Oracle VM Servers, set up a local YUM repository and retrieve the updates from the Oracle VM channel on ULN. See the Yum Repository Setup article on OTN. As of Oracle VM Release 3.3, you can upgrade SPARC-based servers using an IPS server update repository. See the Oracle VM User's Guide for information on setting up these server update repositories.

  • Create server update repositories for your Oracle VM Servers in Oracle VM Manager. See the Oracle VM User's Guide for more information on creating server update repositories.

1.2.2 Restrict Network Access to Critical Services

Secure your network properly with firewalls. Software firewalls are part of the Oracle VM Manager and Oracle VM Server installations, but a best practice is to use an external firewall in addition. Keep all Oracle VM services on private network segments and allow public access only to and from services and systems that effectively require it. While firewalls are not infallible, they provide a high level of certainty that access to these systems is limited to a known network route, which can be monitored and further restricted, if necessary.

Should you decide to restrict access based on IP address, note that this often causes application client/server programs to fail for DHCP clients. In general, this is resolved by using static IP addresses or IP address reservation on the DHCP server. Note that with address reservation on the DHCP server, a connection may still fail if the IP lease expires while the DHCP server is unreachable. For Oracle VM in particular, static IP address assignment is highly recommended. In fact, the Oracle VM Manager host must maintain its IP address because the Oracle VM Servers under its control all record that IP address during server discovery. The IP is stored in the Oracle VM Agent database and used for communication with Oracle VM Manager. The same mechanism applies to the virtual IP address of a server pool, which must also be statically configured.

The network model of a given Oracle VM implementation depends on the hardware used, the scale of the environment, and the particular services deployed through its guest virtual machines. Various network configurations, security features of the network model, and guidelines for each networking type are described in more detail in the Security Features chapter; more specifically in Section 3.1, “Oracle VM Network Model”.

1.2.3 Follow the Principle of Least Privilege

The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. Over-ambitious granting of responsibilities, roles, grants, etc., especially early on in an organization’s life cycle when people are few and work needs to be done quickly, often leaves a system wide open for abuse. User privileges should be reviewed periodically to determine relevance to current job responsibilities.

However, Oracle VM is a server virtualization solution, and is an administrator's tool in the first place. Access to Oracle VM Manager is controlled by the underlying WebLogic application server, and while it is possible to create multiple accounts to log in to Oracle VM Manager, the privileges for all administrator accounts are the same. Consequently, it is recommended to create administrator accounts only for those who need full access to Oracle VM configuration and resources, and to use a strong password on each account. Use passwords between 8 and 16 characters in length consisting of a combination of small letters, capital letters and numeric characters.

For users who need access to one or more virtual machines, but are not allowed to modify the Oracle VM configuration, an administrator may set up remote access on the virtual machines. For a Windows server, RDP can be used; for a Unix server you can use SSH for command line access, and VNC in case a graphical desktop environment is used. Connect the virtual machines to a network that is accessible from the trusted internal network.

If the specific implementation of Oracle VM is a large scale configuration that requires finer grained role based access control, an alternative is to manage the environment through Oracle Enterprise Manager Ops Center. In this configuration, access control is an integral part of Enterprise Manager Ops Center.

Oracle VM subscriptions include full, complete use of Oracle Enterprise Manager 12c Cloud Control and Oracle Enterprise Manager OpsCenter. Customers who purchase Oracle VM subscriptions have an included license to use these products' virtualization and operating system management features as part of Oracle VM. We see the complete set of products (Oracle Enterprise Manager 12c Cloud Control, Oracle Enterprise Manager OpsCenter, Oracle VM Manager and Oracle VM Agent) as one product suite. Oracle Enterprise Manager 12c has complete Role Based Access Control, LDAP/Directory Services integration, a complete cloud self service end-user portal and cloud administrator portal. All these features are part of the Oracle VM portfolio without additional license cost. For more information about this integration of cloud components, see http://blogs.oracle.com/virtualization/entry/crash_course_role_based_access.

1.2.4 Monitor System Activity

System security stands on three legs: good security protocols, proper system configuration and system monitoring. Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow audit advice and regularly monitor audit records.

As an Oracle VM administrator you have access inside the Oracle VM Manager GUI to events and statistics. These are your first indicators of potential problems, including security risks. Particularly important errors to investigate are Oracle VM Server disconnect and offline events, as they indicate unexpected connectivity issues.

Oracle VM keeps a number of log files on different components in the environment. These log files are important for the manageability and supportability of Oracle VM. The following tables provide an overview of the log files that can assist you in troubleshooting and security auditing:

Oracle VM Manager Logs

Log Files



Oracle VM Manager installation or upgrade log


- and/or -


All actions and operations that take place during an installation or upgrade procedure are saved to this file. Some log entries are simply informative, but a lot of debugging information is included.

Oracle VM Manager logs


The access.log and base_adf_domain.log files contain detailed information about Oracle VM domain access and status. These logs actually come from the WebLogic server.

The AdminServer.log file contains information similar to the events and statistics in Oracle VM Manager, but the logging is more detailed and more verbose.

The AdminServer-diagnostic.log file collects entries related to the Oracle VM Manager user interface and Oracle WebLogic Server.

CLI logs



In CLIAudit.log, located on the Oracle VM Manager host, the CLI maintains a full audit log of all executed commands.

The CLI.log file contains CLI component entries.

Oracle VM Server Logs

Log Files



Oracle VM Agent log


The Oracle VM Agent log is essential for auditing of internal communications and connectivity of the physical servers in your environment. From a security point of view, entries from authentication and connection failures with bad credentials, or an unusual number of access attempts could indicate unauthorized access attempts.

Oracle VM Agent notification log


This file contains all details of what the Oracle VM Agent sends to Oracle VM Manager: all events from the server, including storage device events, network events etc.

Oracle VM console log


[need info]

Storage Connect log


This file logs all installation activities related to Oracle Storage Connect plugins. It shows which plugins have been installed, which version is in use, and when exactly the installation has taken place.

Xen hypervisor logs


The xend.log file contains detailed information about Xen-specific operations. It is particularly useful to track errors related to virtual machines, such as start or migration failures.

In the context of product security and auditability, the various log files show which operations have been performed by each Oracle VM Manager administrator account. Also, any unauthorized login attempt on Oracle VM Manager or SSH connection failure to an Oracle VM Server is reflected in the log files. Monitor the logs actively in order to detect security issues as early as possible.

1.2.5 Stay Up-to-Date on Latest Security Information

Oracle continually improves its software and documentation. Check the Oracle web site and relevant product and technology pages regularly. For example: