{"id":10905,"date":"2010-10-19T08:35:02","date_gmt":"2010-10-19T08:35:02","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=10905"},"modified":"2010-10-19T08:35:02","modified_gmt":"2010-10-19T08:35:02","slug":"livekd-5-0-kernel-debugging-running-hyper-v-virtual-machines","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=10905","title":{"rendered":"LiveKD 5.0 Kernel Debugging Running Hyper-V Virtual Machines"},"content":{"rendered":"<p>Microsoft Sysinternals has updated their <a href=\"http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb897415.aspx\" target=\"_blank\">LiveKD<\/a> kernel debugging utility so you can analyse and troubleshoot <em>running<\/em> VMs on a Hyper-V host.\u00a0 That&#8217;s pretty impressive!\u00a0 Mark Russinovich has <a href=\"http:\/\/blogs.technet.com\/b\/markrussinovich\/archive\/2010\/10\/14\/3360991.aspx\" target=\"_blank\">blogged<\/a> about it, giving some basic instructions.\u00a0 Now you can start poking around what&#8217;s happening in a VM that is running on the host, including the current memory.\u00a0 It&#8217;s unlikely that you will need to do this by yourself, but you may be asked to do some of this stuff by MS support.<\/p>\n<p>This brings up an important point.\u00a0 Security for virtualisation is not like normal server security, mainly because of the flexibility and mobility of VMs.\u00a0 In my opinion, you need to treat a virtualisation infrastructure (no matter what brand it is) like an Active Directory.\u00a0 There should be a few overall administrators (domain admins) and you can delegate on a granular basis.\u00a0 This can be done with Windows and AzMan in Hyper-V.\u00a0 I prefer using Virtual Machine Manager delegation.\u00a0<\/p>\n<p>Think about this: you have a large organisation and you have contracted in helpdesk operators.\u00a0 They have some minor role to do with VM management.\u00a0 You don&#8217;t think too much about security or delegation and just give them admin rights on the 
Hyper-V hosts\/parent partitions.\u00a0 They can install LiveKD and then start poking around in VMs and their memory, able to access sensitive information.\u00a0 In reality they can do much more.\u00a0<\/p>\n<p>However, implement your delegation model correctly and they cannot access anything &#8220;above their pay grade&#8221;.\u00a0\u00a0 That means you are using the idea of physical access but applying it using virtual machine placement.\u00a0 For example, all helpdesk VMs would be placed on hosts in a helpdesk host group (managed in VMM).\u00a0 The helpdesk people would be members of a delegated administrator\u00a0group in VMM that only has the ability to manage members of that host group.\u00a0 That means any new VMs they&#8217;d create could only be placed there.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Sysinternals has updated their LiveKD kernel debugging utility so you can analyse and troubleshoot running VMs on a Hyper-V host.\u00a0 That&#8217;s pretty impressive!\u00a0 Mark Russinovich has blogged about it, giving some basic instructions.\u00a0 Now you can start poking around what&#8217;s happening in a VM that is running on the host, including the current memory.\u00a0 &hellip; <a href=\"https:\/\/aidanfinn.com\/?p=10905\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;LiveKD 5.0 Kernel Debugging Running Hyper-V Virtual 
Machines&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[20],"tags":[181,193,195,196],"class_list":["post-10905","post","type-post","status-publish","format-standard","hentry","category-hyper-v","tag-hyper-v","tag-system-center","tag-virtualisation","tag-vmm"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/10905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10905"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/10905\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}