Virtual Server 2005 R2 Security

To start a virtual machine automatically, you must specify an account under which the machine will run. This account must have sufficient privileges to start the machine; on this point, see Modifying general virtual machine properties, which states:

The minimum permissions required for this account are as follows:

  • On the .vmc file: Read Data, Write Data and Execute File
  • On the .vhd file: Read Data, Read Attributes, Read Extended Attributes, and Write Data
  • On the .vnc file if a virtual machine is connected to a virtual network: Execute File, Read Data, Read Attributes and Read Permissions
  • On the folder containing the .vmc file, for a virtual machine to have the ability to save state: List Folder and Write/Create File
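One way to apply exactly these minimum rights directly as NTFS ACEs, shown as an added example that is not part of the original article or of Microsoft's documentation. The account name and all paths are hypothetical placeholders; the rights strings are the .NET FileSystemRights names for the permissions listed above (ListDirectory for List Folder, CreateFiles for Write/Create File, ReadPermissions for Read Permissions).

```powershell
# Added example. Account name and paths are placeholders, not values from the article.
$Account = 'CONTOSO\svc-vm01'                  # hypothetical run-as account for the VM
$VmDir   = 'D:\VMs\vm01'                       # hypothetical folder holding the .vmc file
$Vnc     = 'D:\VMs\Networks\internal.vnc'      # hypothetical; set to $null if no virtual network

# One entry per object in the list above; rights use .NET FileSystemRights names.
$targets = @(
    @{ Path = (Join-Path $VmDir 'vm01.vmc'); Rights = 'ReadData, WriteData, ExecuteFile' },
    @{ Path = (Join-Path $VmDir 'vm01.vhd'); Rights = 'ReadData, ReadAttributes, ReadExtendedAttributes, WriteData' },
    @{ Path = $VmDir;                        Rights = 'ListDirectory, CreateFiles' }
)
if ($Vnc) {
    $targets += @{ Path = $Vnc; Rights = 'ExecuteFile, ReadData, ReadAttributes, ReadPermissions' }
}

foreach ($t in $targets) {
    if (-not (Test-Path -Path $t.Path)) {
        Write-Warning "Skipping missing path: $($t.Path)"
        continue
    }
    $rights = [System.Security.AccessControl.FileSystemRights]$t.Rights

    # 'None','None' = no inheritance or propagation: on the folder, the ACE
    # applies to the folder itself only, not to the files inside it.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, $rights, 'None', 'None', 'Allow')

    $acl = Get-Acl -Path $t.Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $t.Path -AclObject $acl

    # Report the explicit ACEs the account now holds, so any rights beyond
    # the documented minimum are visible for review.
    (Get-Acl -Path $t.Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Account -and -not $_.IsInherited } |
        Select-Object @{n='Path';e={$t.Path}}, AccessControlType, FileSystemRights
}
```

AddAccessRule merges with ACEs the account already has, so this does not remove broader rights granted earlier or inherited from a parent folder; the report at the end of each iteration only covers explicit entries.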

 

These permissions can be assigned by configuring the Virtual Server Security Settings, as described in Configuring Virtual Server security settings, so that the permissions on the virtual machine and on the virtual network are set correctly, as described in Configuring virtual machine security.

The mapping between file system permissions and virtual machine permissions is as follows:

  • List Folder/Read Data: View configuration information for this virtual machine. View the VMRC display for this virtual machine.
  • Create Files/Write Data: Modify the configuration of this virtual machine.
  • Traverse Folder/Execute File: Manage the state of this virtual machine. Manage this virtual machine by using VMRC.
  • Delete: Delete this configuration file.
  • Read Permissions: Read permissions on the virtual machine configuration file.
  • Change Permissions: Change permissions on the virtual machine configuration file.

The mapping between file system permissions and virtual network permissions is as follows:

  • List Folder/Read Data: View configuration information for this virtual network.
  • Read Attributes: View configuration information for this virtual network.
  • Create Files/Write Data: Modify the configuration of this virtual network.
  • Traverse Folder/Execute File: Connect to this virtual network.
  • Delete: Delete the virtual network configuration file.
  • Read: Read the virtual network configuration file.
  • Change: Change the virtual network configuration file.

In particular, note that without the appropriate permissions (Traverse Folder/Execute File) it is not possible to connect to the virtual network.

For more details on how the configuration settings of Virtual Server 2005, virtual machines, virtual networks and virtual hard disks are controlled by the discretionary access control lists (DACLs) on the Virtual Server directories and files, see File system security settings for Virtual Server.