Access to the console of a XenVM should be protected with a password, as closing the console window does not lock the console or desktop. The console is thus available to the next user without protection. A console password can be set either when the XenVM is created or by retroactively setting the XenVM attributes.
The following must be borne in mind with respect to the console password:
The password can be up to 8 characters long.
It should include a certain level of complexity (this is not checked when it is entered).
The password is not set on a user-specific basis. It is the same for all users of the particular XenVM console.
If access does not take place via the SE Manager, the password at least offers simple protection for access to the XenVM console.
The following applies for protecting the password:
Transfer from the client to the server takes place with SSL encryption.
The password is masked out in all XenVM displays.
The XenVM configuration data is access-protected (access requires root authorization).
The console passwords are contained in CSR backups, but only system administrators and Customer Support have access to these backups.
Security-relevant actions
- Reset the console password:
The XenVM console can then be accessed without a password. This status should be avoided for security reasons. Import a CSR backup:
When a CSR backup is imported, the console passwords are reset to the status of the backup, i.e. if necessary, console passwords are also reset. You should check whether password protection still exists and, if necessary, set a password.Download a CSR backup to the administration PC:
The file must be protected against unauthorized access, otherwise console passwords might be obtained without authorization.