Secure your network properly with firewalls. Software firewalls are part of the Oracle VM Manager and Oracle VM Server installations, but a best practice is to use an external firewall in addition. Keep all Oracle VM services on private network segments and allow public access only to and from services and systems that effectively require it. While firewalls are not infallible, they provide a high level of certainty that access to these systems is limited to a known network route, which can be monitored and further restricted, if necessary.

Should you decide to restrict access based on IP address, note that this often causes application client/server programs to fail for DHCP clients. In general, this is resolved by using static IP addresses or IP address reservation on the DHCP server. Note that with address reservation on the DHCP server, a connection may still fail if the IP lease expires while the DHCP server is unreachable. For Oracle VM in particular, static IP address assignment is highly recommended. In fact, the Oracle VM Manager host must maintain its IP address because the Oracle VM Servers under its control all record that IP address during server discovery. The IP is stored in the Oracle VM Agent database and used for communication with Oracle VM Manager. The same mechanism applies to the virtual IP address of a server pool, which must also be statically configured.

The network model of a given Oracle VM implementation depends on the hardware used, the scale of the environment, and the particular services deployed through its guest virtual machines. Various network configurations, security features of the network model, and guidelines for each networking type are described in more detail in the Security Features chapter; more specifically in Section 3.1, “Oracle VM Network Model”.