Subscribe / Log In
Subscribe / Log In
Profile

Virtualization policy

Share

  • Provided by TechRepublic Premium
  • Published September 2, 2019
  • Topic TechRepublic Premium
  • Format PDF
Virtualization platforms are available from a number of vendors, but it’s still critical to maintain your virtualization environment to avoid unnecessary resource consumption, out of-compliance systems or applications, data loss, security breaches, and other negative outcomes. This policy defines responsibilities for both end users and the IT department to ensure that the virtualized resources are deployed and maintained effectively

From the policy:

General regulations
All virtual machines and applications are subject to the same policies as non-virtualized systems. Software patching, remote access, security measures including but not limited to installing workstation security software, disabling shared or guest accounts, user account controls, monitoring and logging, disk and network encryption, backups, and other relevant policies must be followed for virtualized systems.

Separate policies may exist for legacy platforms or applications, including restricting network access.

Unless specifically backed up or snapshotted, no guarantee is made for data recovery in the event of user error, hardware failure, or other disaster that renders the VM or host platform inaccessible.

User responsibilities
Users requesting new virtualized resources must convey the nature of their needs to the IT department at least one week in advance. Requests should provide appropriate detail in terms of technical and business requirements prompting the request. Request details must include a schedule for performing backups, if backups are required for your use case.

Users are subject to the same policies applicable to non-virtualized systems, including security, internet use, and data lifecycle practices. (See your organization’s information security policy, if applicable.)

The ticketing system in place for physical systems will be used for virtualized systems.

When a virtualized system is no longer required, users should inform the IT department so these systems can be decommissioned to free up resources.

VMs and/or applications associated with specific employees (e.g., used by only these individuals) will be shut down when the employee leaves. It is the responsibility of managers to notify the IT department with approval or otherwise request data or applications preserved, if needed.

People Also Downloaded