The Hyper-V Security Guide provides prescriptive guidance for hardening the Hyper-V role, including several best practices for installing and configuring Hyper-V with a focus on security. These best practices include measures for reducing the attack surface of Hyper-V as well as recommendations for properly configuring secure virtual networks and storage devices.

It also provides :

• Methods for delegating virtual machine management so that virtual machine administrators only have the minimum permissions they require. It describes common delegation scenarios, and includes detailed steps to guide you through using Authorization Manager (AzMan) and System Center Virtual Machine Manager 2008 (VMM 2008) to separate virtual machine administrators from virtualization host administrators.
• Prescriptive guidance for securing virtual machine resources. It includes best practices and detailed steps for protecting virtual machines by using a combination of file system permissions, encryption, and auditing.

Download of the Hyper-V Security Guide.

In any virtualized environment, adding new VMs is a frequent operation. While backup administrators can protect an entire Hyper-V host using the DPM Management Console, the protection group had to be modified manually to include the new virtual machines that have come up on the Hyper-V host.

There a PowerShell script, created by Angad Pal Singh (DPM Team). To Download Script :  AddNewClusteredVM.ps1 

The script for clustered servers (AddNewClusteredVM.ps1) takes as input the following two values in order:

This example takes the following values as input:

csv01.contoso.com – replace this with the name of your Hyper-V cluster

dpm-server01.contoso.com – replace this with the name of your DPM server

PS C:Program FilesMicrosoft DPMDPMbin> .AddNewCLusteredVM.ps1 csv01.contoso.com "Protection Group 2"

The script performs the following tasks:

1. Takes FQDN of protected cluster and name of protection group as input.

2. Searches for the protected cluster and the protection group.

3. Runs inquiry on the cluster to get the list of resource groups.

4. Runs parallel inquiry for each resource group and obtains the list of unprotected virtual machines under them.

5. Adds the unprotected virtual machines to the protection group.

6. Saves the changes to the protection group and exits.

Important:

· Shared disks that may be listed under the resource groups of your Hyper-V cluster are not Hyper-V data sources, and are not considered for automatic addition using this script.

· Any new virtual machines that are finally added to a protection group are scheduled for immediate replica creation, overriding any existing protection group behavior. You may modify the respective script to change this after referring the specific cmdlet help option.

Disk2vhd is a utility that creates VHD (Virtual Hard Disk – Microsoft’s Virtual Machine disk format) versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V virtual machines (VMs). The difference between Disk2vhd and other physical-to-virtual tools is that you can run Disk2vhd on a system that’s online.

Command Line Usage

Disk2vhd includes command-line options that enable you to script the creation of VHDs. Specify the volumes you want included in a snapshot by drive letter (e.g. c:) or use "*" to include all volumes.

Usage: disk2vhd <[drive: [drive:]…]|[*]> <vhdfile>
Example: disk2vhd * c:vhdsnapshot.vhd

Download NOW