Free security guide

An in-depth look at how to
harden your VMS infrastructure

A complete, practical guide to securing XCP-ng and Xen Orchestra — from first deployment to daily operations.

VATES VMS Hardening Guide

VATES VMS Hardening Guide

A step-by-step security framework for teams running or migrating to VATES VMS — from initial deployment to daily operations.

What you'll learn:

  • Hardened XCP-ng installation
  • Network & storage layer protection
  • Virtual machine configuration
  • Secure Xen Orchestra deployment
  • End-to-end stack hardening

Free PDF · Trusted by 1,000+ organizations · 90+ countries

Infrastructure security illustration

Why infrastructure security can't wait

The shift away from VMware has left many IT teams managing unfamiliar infrastructure under pressure. New hypervisors, new tooling, and accelerated deployment timelines create security gaps that attackers actively exploit.

Beyond migrations, compliance requirements — NIS2, ISO 27001, and sector-specific regulations — increasingly demand documented hardening procedures for virtualized workloads.

This guide gives your team a clear, actionable framework to lock down every layer of VATES VMS — before problems arise.

What's covered in the guide

Five critical areas, from initial setup to ongoing operations.

XCP-ng Hardening

XCP-ng Hardening

Secure from the first boot
Configure your hypervisor with security in mind: minimal attack surface, access controls, audit logging, and protection against privilege escalation — all covered step by step.

Network & Storage Security

Network & Storage Security

Isolate, encrypt, protect
Segment your virtual networks, harden storage access, configure firewall rules between VMs, and prevent lateral movement across your infrastructure.

Xen Orchestra Deployment

Xen Orchestra Deployment

Secure orchestration at scale
Deploy Xen Orchestra following least-privilege principles: TLS configuration, role-based access control, API security, and audit trail best practices.

"This event that may have been catastrophic for some companies, for us, with our backup policy and Xen Orchestra was a non-event. In fact, we didn't even need to notify our customers, as the data recovery was quick and almost transparent for end-users."

Mark Hewitt — Systems Administrator, Web.com

Go further: security resources on our blog