- Restrict oVirt Engine web/admin access to management networks.
- Enforce strong authentication and RBAC role assignments.
- Keep Engine and host certificates valid and rotated.
¶ Host and VM Security
- Patch hypervisors and enforce secure baseline profiles.
- Use network segmentation for storage, migration, and VM traffic.
- Apply VM hardening templates and controlled console access.
¶ Audit and Compliance
- Enable and export audit logs from Engine and hosts.
- Alert on privileged role changes and host enrollment events.
- Validate backup and restore of engine database regularly.