As part of a defense-in-depth strategy, the ability to isolate the virtual machine from network threats must be augmented with the ability to isolate it from a possible administrator insider threat. vSphere administrators have what equates to physical access to the operating system and the data it contains.
Each VM communicates with the hypervisor to monitor guests, devices, storage, and tools. This section details several options to verify and set a strong security posture for the virtualization environment, and for the guest virtual machines in particular. Each setting in this section is verified or set under an account included in the administrator account role.