VMware Communities
ultimates
Contributor

Is there any correlation among different virtual machines on the same host?

There is one VM machine for me to surf the Internet, while there is another VM machine which I don't want to link to the Internet because of privacy. But the 2 VM machines are both on the same PC host, so will their files be correlated with each other or not, on the basis of "don't turn on at the same time"? That is, after turning off a VM machine, is there any trace left? And can my private data be monitored and obtained through the trace?

7 Replies
NateNateNAte
Hot Shot

First, each VM, regardless of where it is physically hosted, is a separate element. When you start talking networking connectivity, that is where you can find ways to horizontally traverse, IF those two VMs are on the same network, and wide open. 

Second, to keep them separate, use VLANs. One VLAN, we'll call it VLAN10 for your internet-connected machine. That VLAN has to be connected to a NIC and routed to connect 'out'. A second VLAN, we'll call it VLAN20 for your private machine, should NOT be routed at all. It can still be reached via vCenter or ESXi and you can console in, but as long as the VLAN that machine is on is not routed - it remains 'offline' to the internet.

As for your second question about after you turn off a VM is there any trace left?  Well yes, the vmdk and any snapshots would remain UNLESS you delete/destroy that VM and remove all associated files. 

The data on the 2nd VM can be monitored IF you have installed such a service (typically a 3rd party app on a separate VM), but if you're talking about: can an external actor monitor your traffic on your internet-connected VM, and then pivot over to monitor your non-connected VM....well, only if you have extremely bad/non-existent security in place and have placed all VMs on the same routed network.  

Does that answer your question?

scott28tt
VMware Employee

Which VMware product does this relate to?

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
ultimates
Contributor

Thanks for your answer. You said "the vmdk and any snapshots would remain UNLESS you delete/destroy that VM and remove all associated files", I see.

Then what I wonder is, will this "internet-connected VM" actively call on and read the "private VM"'s own vmdk or related files? Thank you.

scott28tt
VMware Employee

Please state which VMware product or products you are asking about.

ultimates
Contributor

Well, it is about virtual machines on VMware Workstation Pro. Is this the correct answer you need?

CallistoJag
Hot Shot

If you have two laptops that both boot from 2 different disks running on a shared SAN, can one machine access the other machine's drives in theory? Well yes, if you give one laptop access to the SAN so that it can browse all files and datastores on the SAN. This is similar to the scenario you describe with the VMs. Normally both VMs are two separate entities like the laptops, but like the laptops, they are connected to the same environment, so if you want to give access to explore the environment you can. You can also block this. Depends on your setup. Normally though, separate VMs will have nothing to do with each other's .vmdks and snapshots.
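
An added example, not part of any reply in this thread and not VMware code: a Python check of a Workstation VM's .vmx file for the two settings that decide what a guest can reach (virtual NICs and host shared folders), plus a listing of the files that stay on the host after power-off. The sample .vmx is constructed, and treating a NIC that has no connectionType key as bridged is an assumption.

```python
import re
from pathlib import Path

# File types VMware Workstation keeps in a VM folder after shutdown or suspend.
RESIDUAL = {".vmdk": "virtual disk", ".vmsn": "snapshot state", ".vmsd": "snapshot list",
            ".vmem": "guest memory image", ".vmss": "suspend state", ".log": "run log"}

def parse_vmx(text):
    """Parse `key = "value"` lines of a .vmx file into a dict with lower-cased keys."""
    pairs = re.findall(r'^[ \t]*([\w.:]+)[ \t]*=[ \t]*"(.*?)"[ \t]*$', text, re.M)
    return {key.lower(): value for key, value in pairs}

def audit_vmx(text):
    """Return findings about virtual NICs and host shared folders in a .vmx."""
    cfg, findings = parse_vmx(text), []
    for key, value in sorted(cfg.items()):
        dev, _, attr = key.partition(".")
        if attr != "present" or value.upper() != "TRUE":
            continue  # only devices that are actually attached to the VM
        if dev.startswith("ethernet"):
            # Assumption: a NIC with no connectionType key is bridged.
            mode = cfg.get(dev + ".connectiontype", "bridged").lower()
            reach = ("can reach outside networks" if mode in ("bridged", "nat")
                     else "verify the virtual network")
            findings.append(f"{dev}: {mode} ({reach})")
        elif dev.startswith("sharedfolder"):
            host_path = cfg.get(dev + ".hostpath", "?")
            findings.append(f"{dev}: host path {host_path} exposed to guest")
    return findings

def residual_files(vm_dir):
    """List files in a VM folder that persist on the host while the VM is off."""
    return sorted((p.name, RESIDUAL[p.suffix.lower()])
                  for p in Path(vm_dir).iterdir() if p.suffix.lower() in RESIDUAL)

# Constructed sample .vmx for the "private" VM (not taken from the thread).
SAMPLE_VMX = '''
displayName = "private-vm"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "FALSE"
sharedFolder0.present = "TRUE"
sharedFolder0.hostPath = "/home/me/Documents"
'''

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print(finding)
```

An empty result from `audit_vmx` for the private VM means it has no attached virtual NIC and no host folder mapped into it; a shared folder on the internet-connected VM whose host path contains the other VM's folder is the setup to avoid.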
scott28tt
VMware Employee

Yes, that's perfect. A moderator should be along to move your post to the area of the Communities for that product.