Not a Tech Pro Research member? Sign up for a Free Trial and get access to this content and more for one week.
- Originally Published:
- Dec 2018
Virtualization platforms are available from a number of vendors, but it’s still critical to maintain your virtualization environment to avoid unnecessary resource consumption, out of-compliance systems or applications, data loss, security breaches, and other negative outcomes. This policy defines responsibilities for both end users and the IT department to ensure that the virtualized resources are deployed and maintained effectively
From the policy:
All virtual machines and applications are subject to the same policies as non-virtualized systems. Software patching, remote access, security measures including but not limited to installing workstation security software, disabling shared or guest accounts, user account controls, monitoring and logging, disk and network encryption, backups, and other relevant policies must be followed for virtualized systems.
Separate policies may exist for legacy platforms or applications, including restricting network access.
Unless specifically backed up or snapshotted, no guarantee is made for data recovery in the event of user error, hardware failure, or other disaster that renders the VM or host platform inaccessible.
Users requesting new virtualized resources must convey the nature of their needs to the IT department at least one week in advance. Requests should provide appropriate detail in terms of technical and business requirements prompting the request. Request details must include a schedule for performing backups, if backups are required for your use case.
Users are subject to the same policies applicable to non-virtualized systems, including security, internet use, and data lifecycle practices. (See your organization’s information security policy, if applicable.)
The ticketing system in place for physical systems will be used for virtualized systems.
When a virtualized system is no longer required, users should inform the IT department so these systems can be decommissioned to free up resources.
VMs and/or applications associated with specific employees (e.g., used by only these individuals) will be shut down when the employee leaves. It is the responsibility of managers to notify the IT department with approval or otherwise request data or applications preserved, if needed.
Already a member? Log in here