Solved

admin role in vcenter

Posted on 2013-11-12
3
355 Views
Last Modified: 2013-11-12
can anyone provide some examples of the kind of issue/risk if an unauthorised user gained access to vcenter with an account with the admin role permissions. I am trying to gauge the potential risk if this ever happened.
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 118

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
ID: 39641044
1. Stop Virtual Machines
2. Delete Virtual Machines
3. Remove ESXi Hosts from vCenter Server.
4. Shutdown ESXi Hosts
5. Reboot ESXi Hosts
6. Potentially Access Console or Hosts
7. Potentially obtain files from VMs
8. Many Risks.....
0
 
LVL 3

Author Comment

by:pma111
ID: 39641047
Any risks from a data security standpoint, i.e. a virtual file server with sensitive payroll xls - can they access that from there?
0
 
LVL 118
ID: 39641185
Yes, an Admin could do the following:-

1. Power off VM.
2. Copy the Virtual Machine Disk to local laptop.
3. Mount the virtual machine disk (VMDK) as a drive letter, overcoming ANY OS Active Directory or Unix Login.
4. Inspect the data.

Easy!

if you wanted to do this secretly, without turning off the VM.

1. Clone the VM, whilst the VM was on.
2. Copy the Virtual Machine CLONE Disk to local laptop.
3. Delete the CLONE VM.
4. 3. Mount the virtual machine disk (VMDK) as a drive letter, overcoming ANY OS Active Directory or Unix Login.
4. Inspect the data.

Easy!

Virtualisation Administrators have more POWER, than your usual Domain Administrators!

Domain Administrators are responsible for Microsoft Active Directory Management (e.g  Domain, usernames and accounts, passwords , group policy).

Virtualisation Administrators are not often Domain Administrators, but they can be!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Is your company's data protection keeping pace with virtualization? Here are 7 dynamic ways to adapt to rapid breakthroughs in technology.
Teach the user how to install and configure the vCenter Orchestrator virtual appliance Open vSphere Web Client: Deploy vCenter Orchestrator virtual appliance OVA file: Verify vCenter Orchestrator virtual appliance boots successfully: Connect to the …
Teach the user how to use vSphere Update Manager to update the VMware Tools and virtual machine hardware version Open vSphere Client: Review manual processes for updating VMware Tools and virtual hardware versions: Create a new baseline group in vSp…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now