- Restrict Sunstone/UI and API endpoints to trusted admin networks.
- Use HTTPS with valid certificates and strong cipher settings.
- Enforce least-privilege user/group permissions.
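
As an added example (not part of the original checklist or of the project's own configuration), the first two items above can be enforced at an nginx reverse proxy placed in front of Sunstone. The hostname, certificate paths and admin CIDR are placeholders, and the backend ports 9869 (Sunstone) and 2633 (XML-RPC API) are assumed defaults.

```nginx
# Added example: nginx reverse proxy in front of Sunstone and the XML-RPC API.
# Assumptions: hostname, certificate paths and admin CIDR are placeholders;
# backends on 127.0.0.1:9869 (Sunstone) and 127.0.0.1:2633 (API) are assumed defaults.
# Bind the backends to loopback only, or the allowlist below can be bypassed
# by connecting to them directly.

server {
    listen 80;
    server_name cloud-admin.example.internal;
    return 301 https://$host$request_uri;   # no plaintext access
}

server {
    listen 443 ssl;
    server_name cloud-admin.example.internal;

    # Valid certificate chain and modern protocol/cipher settings
    ssl_certificate     /etc/nginx/tls/cloud-admin.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/cloud-admin.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Trusted admin networks only; every other source address gets 403.
    allow 192.0.2.0/24;   # placeholder admin/VPN range
    deny  all;

    # Web UI
    location / {
        proxy_pass http://127.0.0.1:9869;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }

    # API endpoint, same allowlist and TLS settings as the UI
    location /RPC2 {
        proxy_pass http://127.0.0.1:2633/RPC2;
    }
}
```
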

Hypervisor and Network Security

- Segment management, storage, and tenant traffic.
- Harden KVM/VMware host integrations and credentials.
- Limit datastore access and protect backend storage.

Template and Image Governance

- Approve and sign VM templates/images before use.
- Scan images for vulnerabilities prior to publication.
- Keep marketplace imports under policy control.