1

I am an unconditional user of Linux (Ubuntu to be precise). As a developer, I always host my web applications on an Ubuntu server.

If a client has a Windows environment, then I use a virtual machine with my application in it.

Recently a client asked me to create an application for him and he specified that his computer park is entirely Windows. All of its web applications are deployed on Windows server with IIS and run in https.

So here's my question:

  • If I put a virtual machine on Windows server with Ubuntu server, is there one or more scenarios in which a security vulnerability can appear?

If so what are the steps to take in advance for this type of deployment?-

Improve this question

1 Answer 1

Reset to default
2

Virtualization always adds at least one more layer of complexity - and thus potential vulnerability - to any deployment. You have to make sure that the host system itself is up to date, the hypervisor, the deployed VM and the used software inside your VM. Networking may or may not be more complex, depending on the infrastructures setup and if e.g. bridging can be used or not.

For your specific case, I'd opt for Hyper-V in a Windows-only-environment, if possible (licensing, etc.), simply because your client shouldn't need any new patching strategies for 3rd party software and can use the standard Windows Update services.

That said, VirtualBox can also be used, of course, but it must be up to date all the time as well.

Consider your (and/ or your clients) security implications of adding another layer to their environment, especially since you talk about deploying a Linux VM to a Windows-only-network. Be sure to check that your client is capable of maintaining this setup.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.