Solved

admin role in vcenter

Posted on 2013-11-12
3
362 Views
Last Modified: 2013-11-12
can anyone provide some examples of the kind of issue/risk if an unauthorised user gained access to vcenter with an account with the admin role permissions. I am trying to gauge the potential risk if this ever happened.
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 39641044
1. Stop Virtual Machines
2. Delete Virtual Machines
3. Remove ESXi Hosts from vCenter Server.
4. Shutdown ESXi Hosts
5. Reboot ESXi Hosts
6. Potentially Access Console or Hosts
7. Potentially obtain files from VMs
8. Many Risks.....
0
 
LVL 3

Author Comment

by:pma111
ID: 39641047
Any risks from a data security standpoint, i.e. a virtual file server with sensitive payroll xls - can they access that from there?
0
 
LVL 119
ID: 39641185
Yes, an Admin could do the following:-

1. Power off VM.
2. Copy the Virtual Machine Disk to local laptop.
3. Mount the virtual machine disk (VMDK) as a drive letter, overcoming ANY OS Active Directory or Unix Login.
4. Inspect the data.

Easy!

if you wanted to do this secretly, without turning off the VM.

1. Clone the VM, whilst the VM was on.
2. Copy the Virtual Machine CLONE Disk to local laptop.
3. Delete the CLONE VM.
4. 3. Mount the virtual machine disk (VMDK) as a drive letter, overcoming ANY OS Active Directory or Unix Login.
4. Inspect the data.

Easy!

Virtualisation Administrators have more POWER, than your usual Domain Administrators!

Domain Administrators are responsible for Microsoft Active Directory Management (e.g  Domain, usernames and accounts, passwords , group policy).

Virtualisation Administrators are not often Domain Administrators, but they can be!
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VMs become orphaned after deleting from host and not vsphere 2 48
Weird issue with VMWare ESXi 6 host 3 65
Cisco Prime 2.2 7 38
Hypervisor 1 U 10 38
This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
Teach the user how to rename, unmount, delete and upgrade VMFS datastores. Open vSphere Web Client: Rename VMFS and NFS datastores: Upgrade VMFS-3 volume to VMFS-5: Unmount VMFS datastore: Delete a VMFS datastore:
In this video tutorial I show you the main steps to install and configure  a VMware ESXi6.0 server. The video has my comments as text on the screen and you can pause anytime when needed. Hope this will be helpful. Verify that your hardware and BIO…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question