
About company

Production company (metallurgy), 2000 people, Eastern Europe.

Situation

The company uses a Hyper-V service based on Windows Server 2012 / 2012 R2 as its main solution for virtualizing computing resources.

The virtualization service consists of several failover clusters with more than 100 nodes in total.

The virtualization service nodes are located in a single Active Directory domain. The organization's corporate resources and users are in the same domain.

A vulnerability in a privileged domain account makes the virtualization system inaccessible. Corporate services stop working until the virtualization service is restored.

The total downtime of corporate services was 42 hours; 60% of that downtime was caused by the inaccessibility of the virtualization service.

Solution

To ensure a high level of information security for the virtualization service, the following key activities were implemented:

  1. A separate Active Directory forest was deployed in a fault-tolerant configuration, forming an isolated domain for the virtualization service;
  2. Hyper-V clusters were deployed in the isolated domain;
  3. A procedure was developed, agreed upon with the Customer and implemented for transferring virtualization service nodes and virtual machines to the Hyper-V clusters of the isolated domain, with the operating system upgraded to Windows Server 2016;
  4. Firewall rules were configured between the isolated virtualization service domain and the organization’s user domain;
  5. The auxiliary services of the isolated virtualization service domain were deployed and configured:
     • Virtual Machine Manager;
     • System Center Operations Manager;
     • Terminal service (connection point from the corporate network);
     • Data Protection Manager;
     • Windows Server Update Services.
  6. Group policies were developed and configured to increase the level of information security of the isolated virtualization service domain.

Project Implementation Results

  1. An isolated virtualization service domain that provides a high level of security;
  2. The virtualization platform is unified and reduced to a single version of the operating system – Windows Server 2016.