The control domain, which often has the roles of an I/O domain and a service domain, must be kept safe as it can modify the configuration of the hypervisor, which controls all attached hardware resources.
The shutdown of the control domain can result in a denial of service of the configuration tools. Because the control domain is required only for configuration changes, the guest domains are unaffected if they access their network and disk resources through other service domains.
Attacking the control domain over the network is equivalent to attacking any other properly protected Oracle Solaris OS instance. The damage of a shutdown or similar denial of service of the control domain is relatively low. However, guest domains are affected if the control domain also acts as a service domain for these guest domains.
Avoid configuring administrative network access to the execution environment's domains. This scenario requires that you use the ILOM console service to the control domain to perform all administration tasks. Console access to all other domains is still possible by using the vntsd service running on the control domain.
Consider this option carefully. Although this option reduces the risk of being attacked over the administrative network, only one administrator can access the console at a time.
For information about securely configuring vntsd, see How to Enable the Virtual Network Terminal Server Daemon in Oracle VM Server for SPARC 3.1 Administration Guide .