Virtual Server 205 R2 Security
Per avviare automaticamente una macchina virtuale occorre specificare un account sotto cui girerà tale macchina. Tale utente dovrà avere i privilegi sufficienti per avviare la macchia e a tal proposito di veda Modifying general virtual machine properties che riporta:
The minimum permissions required for this account are as follows:
- On the .vmc file: Read Data, Write Data and Execute File
- On the .vhd file: Read Data, Read Attributes, Read Extended Attributes, and Write Data
- On the .vnc file if a virtual machine is connected to a virtual network: Execute File, Read Data, Read Attributes and Read Permissions
- On the folder containing the .vmc file, for a virtual machine to have the ability to save state: List Folder and Write/Create File
E’ possibile assegnare tali permissions configurando le Virtual Server Security Settings come indicato in Configuring Virtual Server security settings in modo da impostare correttamente le permission sulla macchina virtuale e sulla virtual network come indicato in Configuring virtual machine security.
Di seguito il legame tra permissions su file system e permission sulla virtual machine:
List Folder/Read Data |
|
||||
Create Files/Write Data |
Modify the configuration of this virtual machine. |
||||
Traverse Folder/Execute File |
|
||||
Delete |
Delete this configuration file. |
||||
Read Permissions |
Read permissions on the virtual machine configuration file. |
||||
Change Permissions |
Change permissions on the virtual machine configuration file. |
Di seguito il legame tra permissions su file system e permission sulla virtual network:
List Folder/Read Data |
View configuration information for this virtual network. |
Read Attributes |
View configuration information for this virtual network. |
Create Files/Write Data |
Modify the configuration of this virtual network. |
Traverse Folder/Execute File |
Connect to this virtual network. |
Delete |
Delete the virtual network configuration file. |
Read |
Read the virtual network configuration file. |
Change |
Change the virtual network configuration file. |
In particolare si noti come senza le opportune permissions (Traverse Folder/Execute File) non sia possibile connettersi alla virtual network.
Per ulteriori approfondimenti su come le iimpostazioni di configurazione di Virtual Server 2005, delle virtual machines, delle virtual networks e dei virtual hard disks siano controllate dalla discretionary access control lists (DACLs) sulle directorye i files di Virtual Server si veda File system security settings for Virtual Server.