Rob Randell, one of our security specialists here at VMware, is guest-posting over at Mike D’s blog. (Guys, you’re welcome over here as well.)
Unfortunately, very often this situation is the exception and not the
rule. Many of the customers that I talk to are only talking to me
because they have started a widescale deployment of VMware VI and the
security team gets wind of it once it is well underway or worse some
sort of audit is initiated (PCI, Sarbox, HIPAA, etc…). At this point
the entire architecture needs to be reviewed and very often
rearchitected to meet the necessary security and audit requirements.
See the following article for a great example of this.
(Emphasis mine.) Sounds like a nightmare, so my guess is that you don’t want that to happen to you. Always consult your friendly neighborhood security team first.