Moving towards secure by default Virtual Machines

TL;DR: New virtual machines are now created with UEFI firmware and Secure Boot enabled by default. BIOS remains available as an option, but please consider using UEFI Secure Boot.

As of March 2023, the ITS Private Cloud will set the default virtual machine firmware to UEFI (Unified Extensible Firmware Interface) with Secure Boot instead of BIOS (Basic Input/Output System) when deploying a new virtual machine. This move is aimed at strengthening the security of virtual machines "by default", which is becoming increasingly important as cyber threats continue to evolve. UEFI is a modern firmware interface that provides security features BIOS lacks, most notably Secure Boot: the firmware verifies the digital signature of the bootloader, and the bootloader in turn verifies the kernel and other early boot components, against keys stored in the firmware. Unsigned or tampered boot code, such as a bootkit, is refused. Note that Secure Boot protects the integrity of the boot chain; it does not by itself protect the operating system against malware once it is running.

Secure Boot is supported by Windows 8, 8.1, Windows Server 2012 and 2012 R2, Windows 10, Windows Server 2016, 2019, and 2022, and Windows 11.

Secure Boot is supported by RHEL (since version 7), CentOS (since version 7), Debian (since version 10), Ubuntu (since version 12.04.2), Fedora (since version 18), openSUSE (since version 12.3), AlmaLinux OS (since version 8.4), Rocky Linux (since version 8.5), and VMware Photon OS. As of January 2017, FreeBSD support is in a planning stage.

As a result of this change, users of the ITS Private Cloud will see the default firmware pre-set to UEFI in both the Cloud Portal and the Command-Line Interface (vss-cli). We understand that some older operating systems do not support UEFI or Secure Boot, so BIOS remains selectable when creating a VM. Choose the firmware type before installing the guest OS: an OS installed under BIOS typically boots from an MBR-partitioned disk with no EFI System Partition, and will not start if the VM is later switched to UEFI unless the disk and bootloader are converted first. Where the guest supports it, please consider the benefits of UEFI Secure Boot, which make virtual machines more secure and keep them compatible with modern hardware and software.

Cloud Portal - New VM Form

If there is a need to disable Secure Boot on a virtual machine, vss-cli provides the following command. Turning Secure Boot off only stops the firmware from verifying boot component signatures; an operating system that was installed under UEFI with Secure Boot continues to boot unchanged:

vss-cli compute vm set <id> secure-boot --off
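
After deploying a VM from the supported list above, or after toggling Secure Boot with vss-cli, it is worth confirming from inside the guest what the firmware actually did. The following POSIX shell check is an added example for this announcement; it is not part of vss-cli or of the Cloud Portal. It reads the standard UEFI global variable SecureBoot (GUID 8be4df61-93ca-11d2-aa0d-00e098032b8c) through the kernel's efivarfs, which is normally mounted at /sys/firmware/efi/efivars; the directory is passed as a parameter only so the function can also be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Report how a Linux guest booted: legacy BIOS, UEFI with Secure Boot off,
# or UEFI with Secure Boot enforcing.
#
# efivarfs exposes each UEFI variable as a file: a 4-byte little-endian
# attribute word followed by the variable's data. The global-scope variable
# SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c carries a single data byte,
# 1 when the firmware is enforcing signature checks and 0 otherwise.

EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# efi_var_byte VARFILE -> prints the first data byte of a UEFI variable as decimal
efi_var_byte() {
    # -j4 skips the attribute header, -N1 reads one byte, -tu1 prints it unsigned
    od -An -tu1 -j4 -N1 "$1" | tr -d ' '
}

# boot_mode EFIVARS_DIR -> prints one of: bios, uefi-secureboot-off, uefi-secureboot-on
# On a live guest pass /sys/firmware/efi/efivars (readable without privileges).
boot_mode() {
    efivars="$1"
    # No efivars directory at all: the kernel was not started by UEFI firmware.
    if [ ! -d "$efivars" ]; then
        echo "bios"
        return 0
    fi
    sb_var="$efivars/SecureBoot-$EFI_GLOBAL_GUID"
    # UEFI but no SecureBoot variable: the firmware offers no Secure Boot at all.
    if [ ! -r "$sb_var" ]; then
        echo "uefi-secureboot-off"
        return 0
    fi
    if [ "$(efi_var_byte "$sb_var")" = "1" ]; then
        echo "uefi-secureboot-on"
    else
        echo "uefi-secureboot-off"
    fi
}

# Stand-alone use: inspect the running guest.
echo "boot mode: $(boot_mode /sys/firmware/efi/efivars)"
```

A result of "bios" on a VM that was meant to be UEFI means the firmware was chosen wrongly at creation time and the guest must be reinstalled or its disk converted; "uefi-secureboot-off" after an install that should be protected means Secure Boot is disabled in the VM settings. On distributions that ship it, `mokutil --sb-state` reports the same variable; on a Windows guest, the PowerShell cmdlet `Confirm-SecureBootUEFI` returns True or False and raises an error on a BIOS VM.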

In conclusion, the move to set the default virtual machine firmware to UEFI Secure Boot instead of BIOS is a step towards improving the security of the ITS Private Cloud Virtual Machines.


University of Toronto - Since 1827