Product Announcements

Security of the VMware Hypervisor – A Whitepaper


I’m happy to announce the availability of a whitepaper that I had been working on much of the past year. Since I joined VMware back in January of 2013, an almost weekly request was for a whitepaper that help IT team explain the security of the VMware vSphere hypervisor, a.k.a. ESXi, to a security professional.

Frequently, the IT folks would encounter statements like “How can we trust the hypervisor?” or “I’ve heard of this  VM Escape thing, what’s to stop a VM from corrupting or attacking the hypervisor?”. Yes, I know, to many of you that’s “so 2008” but in actuality, it’s an almost weekly question that still comes up!

So I set out not to just address those types of questions but to also cover, at a high level, the typical questions a security person would ask of their IT person. This is the whitepaper that you, as an IT professional, can hand to your security team and say “Go read this first, then let’s have an informed conversation”.

The topics covered in the paper are:

  • Secure Virtual Machine Isolation in Virtualization
  • Network Isolation
  • Virtualized Storage
  • Secure Management
  • Platform Integrity Protection
  • VMware’s Secure Development Lifecycle

Finding the right level of detail to go into a paper like this is always a challenge. The paper, at 25 pages, is meant as an overview to a specific audience, the security professional. In order to keep the paper at a reasonable length, some deep dive content is referenced in existing materials. On the last page is a list of 19 references that I used in producing the paper.

It’s my hope that this paper helps foster an understanding of the technologies involved and where to be concentrating your security energies. Hint: Good Operational Hygiene! Doing things at scale means you need to be WAY better at operational security!

Please leave your feedback here or send it to me in email. (mfoley@vmware) I look forward to hearing if this paper is useful to you. You can find the whitepaper on the VMware Tech Resources page and directly here.

Thanks for reading!