2.4 Recommended Oracle VM Deployment Configurations

Proposing a number of recommended Oracle VM configurations is next to impossible, due to the nature of the product: server virtualization. Simply put, any server and any service or application a server makes available, can be virtualized. Consequently, the number of configurations possible is limited only by the capabilities of the physical hardware on which the virtual environment is deployed. An Oracle VM deployment can be a small-scale highly privileged setup with no external connectivity and access limited to only a few pairs of eyes; it could just as well be a battery of virtualized web servers hosting a variety of internet-facing services and applications; or it could be anything in between.

We try to categorize Oracle VM environments by their degree of access, and have documented a number of categories based on the network model. By itself, a privileged domain, or dom0, of a host Oracle VM Server is difficult to compromise because it has such a small footprint with very few moving parts and no obsolete packages. Exposure to attacks is highly influenced by the network configuration of both the physical and the virtual environment. In light of this, we identify the following categories according to their network security:

  • No network connection.

  • Isolated local network.

  • Trusted internal network.

  • Untrusted internal network.

  • Internet-facing service.

Depending on the purpose of your particular Oracle VM configuration, the servers hosted, the services they offer, and who needs to access them, your environment will fall into one or several of these categories. The more users have access to the environment and the larger the network from where the environment can be accessed, the greater the exposure to attacks. What we recommend, is that you use the tightest restrictions possible for your environment, consistent with the purpose of the hosted servers, services and applications. In any case, you must make sure that administrative access to your Oracle VM environment is possible from a trusted network location only. Local system administration is the most secure way, but less practical. If system administration from a remote connection is required, enforce VPN and use encryption.

For detailed information about the categorization based on network connectivity, see Section 3.1, “Oracle VM Network Model”.