Monitoring Virtual Machines: A StrategyPhil Biundo
If you have exceptionally adept users of your technologies, you may have run into the issue of users circumventing certain policies and limitations by creating multiple virtual machines that have no limits on their usage. This can become a nightmare for IT professionals, who are not only tasked with hardware issues and software updates but also with monitoring several functions of a company’s IT infrastructure.
Get Management On-Board
While the concept of virtual machines and a virtual desktop infrastructure may sound like gobbledygook to upper management, it is important that you communicate the issues that you are having to them as best you can. Try incorporating clear-cut language about the harms and risks involved, including any security concerns with data your company is responsible for. You may also approach this from an angle of lost productivity from essential employees whose skills are much better applied toward company purposes on company time.
The point of this conversation will be to develop an approved system of repercussions for users who consistently violate the VM policy. Make sure to incorporate a written warning system into this policy, so that violators are informed of the necessity to change their behavior right away.
Reiterate Company Policy
The IT arm of your company has rules against unauthorized VM’s for a reason, and yet it could be that your staff is not fully aware of the necessity of limits on the Virtual Machines that they are able to use. A company-wide management-approved memo to staff is necessary any time there is a consistent problem with the misuse of company technology.
Once you have a policy in place and have informed the staff of the new policy, it’s time to begin regulating and preventing the creation of new Virtual Machines on your network. The solutions that you employ largely depend on the types of VM’s that are flooding your system, and what tools you have available to you. It may take you a few tries to find the solution that works for you.
Here are some ideas:
- Limit Administrator access to key users.
- Utilize any and all role-based access controls offered by your existing software.
- Create restrictions in your registry settings.
- Use common names for any “allowed” VM’s to easily identify those that do not belong.
- Host necessary VM’s on a restricted server and disallow the creation of VM’s on other servers.
- Utilize a hosted solution such as Azure or AWS.
- Scan computers for the file extensions associated with the VM’s causing issues.
- Block IP addresses associated with rogue VM’s.
- Store data off of the machine, then implement software such as DeepFreeze or ReBoot to delete the presence of rogue VM’s.
- Disable virtual technology in your BIOS, and password protect it.
- Remove write permission from files storing your VM’s. This will also prevent users from “adjusting” your existing VM’s to suit their purposes.
- Disable installations of new applications without IT Administrator approval.
Flexible Approach to Monitoring Virtual Machines
The bottom line is, when dealing with technology savvy users such as programmers, you will have to use an approach of monitoring for VM creation backed by policies that are supported by your management team.
The greater question if your problem persists is whether or not your existing policies are too rigid to allow users to efficiently complete their tasks. If you sit down with those who are violating the policy, try to get them to explain their reasoning for needing a Virtual Machine. An open line of communication with end users is the best way to determine whether your current policies are suitable for the end goals of your organization.
If you feel you can contribute a better idea or have a better solution, feel free to leave a comment below. I will be sure to give you credit for the solution.