Infrastructure Planning and Design (IPD) Guides

The Infrastructure Planning and Design (IPD) guides are the next version of Windows Server System Reference Architecture. The guides in this series help clarify and streamline design processes for Microsoft infrastructure technologies, with each guide addressing a unique infrastructure technology or scenario. Each guide leads the reader through critical infrastructure design decisions, in the appropriate…


Best Practices for Deploying Virtual Machines by Using Hyper-V Virtualization Technology

About 80 percent of server deployments in the Microsoft IT data centers are deployed as virtual servers via Windows Server 2008 Hyper-V technology. To ensure optimal performance, Microsoft Information Technology (Microsoft IT) has developed configuration best practices, based on the application workloads or services that the virtual servers provide.  Best Practices for Deploying Virtual Machines…


How Microsoft Designs the Virtualization Host and Network Infrastructure

At Microsoft, server virtualization has become a primary way to address data-center power consumption, to address space issues, and to rationalize server utilization. To optimize deployment and management of thousands of virtual machines, Microsoft Information Technology (Microsoft IT) has developed standards and best practices for configuring host servers, storage, and network infrastructure. How Microsoft Designs…


VDI Security – Using Encryption to Protect Virtual Machine Resources

Windows BitLocker Drive Encryption (BitLocker) is a data protection feature included with Windows Server 2008. BitLocker is an operating system–based software capability that works with features in server hardware and firmware to provide secure operating system boot and disk drive encryption. This encryption physically safeguards operating system integrity and data. BitLocker–based physical protection is present…


VDI Security – Hardening Virtual Desktops

The same security measures and hardening you would apply to a physical computer should be applied to virtual machines. You should perform hardening steps for the virtual machine’s server role as indicated in the “Server Role Security Configuration” section in chapter 1, including consulting the appropriate Microsoft Solution Accelerator guidance for the specific operating system….


VDI Security – Virtual Desktop Configuration

The following recommended best practices can help you enhance security when configuring virtual machines on servers running the Hyper-V role: ·         Configure virtual machines to use fixed-sized virtual hard disks. ·         Store virtual hard disks and snapshot files in a secure location. ·         Decide how much memory to assign to a virtual machine. ·         Impose…


VDI Security – Securing VM Storage Devices

By default, new VHD files in the Public profile are stored in the %users%\Public\Documents\Hyper-V\Virtual Hard Disks directory. You can change the default storage location for VHDs by selecting Hyper-V Settings in the Hyper-V Manager. If you specify a different storage location, assign permissions as follows for the new folder: Table: Permission Settings for VHD Storage…


VDI Security – Securing the Host Network

The configuration of the physical network interfaces of the computer running Hyper-V can help to improve the isolation of the management operating system from the virtual desktops. Its recommended that you install at least two network adapters on the computer hosting Hyper-V. Dedicate the first network adapter for the exclusive use of the management operating system,…


VDI Security – Hyper-V Operating System Installation Type

You can install Hyper-V with either the Full or the Server Core installation options of the 64-bit editions of Windows Server 2008 (Standard, Enterprise, or Datacenter). Server Core is a minimal server installation option that provides a low-maintenance server environment with limited functionality. With a Server Core installation (as with Hyper-V Server 2008), only the minimal components…


VDI Security – Securing Virtual Desktops running on Hyper-V

The following considerations and recommendations relate to configuring virtual machines on a computer running Windows Server 2008 Hyper-V. ·         Determine where to store the virtual machine files and the VHDs. See “Securing Dedicated Storage Devices” earlier in this chapter for guidance. ·         Decide how much memory to assign to a virtual machine. Memory on the physical…