cumulative to the usual security best practices for physical servers:
Consider using Domain Isolation with IPSec for both Hosts and Guests.
Securing the communications between the Hyper-V server and its
administrators and users.
Host Operating System Configuration
Use a Server Core installation for the management operating system.
Keep the management operating system up to date with the latest security updates.
Use a separate network with a dedicated network adapter for the management operating system of the physical Hyper-V computer.
Secure the storage devices where you keep virtual machine resource files.
Harden the management operating system using the baseline security setting recommendations described in the Windows Server 2008 Security Compliance Management Toolkit.
Configure any real-time scanning antivirus software components installed on the management operating system to exclude Hyper-V resources.
Do not use the management operating system to run applications.
Do not grant virtual machine administrators permission on the management operating system.
Use the security level of your virtual machines to determine the security level of your management operating system.
Use Windows® BitLocker™ Drive Encryption to protect resources. (Note: BitLocker does not work with Failover Clustering.)
Virtual Machine Configuration
Configure virtual machines to use fixed-sized virtual hard disks.
Store virtual hard disks and snapshot files in a secure location.
Decide how much memory to assign to a virtual machine.
Impose limits on processor usage.
Configure the virtual network adapters of each virtual machine to connect to the correct type of virtual network to isolate network traffic as required.
Configure only required storage devices for a virtual machine.
Harden the operating system running in each virtual machine according to the server role it performs using the baseline security setting recommendations described in the Windows Server 2008 Security Compliance Management Toolkit.
Configure antivirus, firewall, and intrusion-detection software within virtual machines as appropriate based on server role.
Ensure that virtual machines have all the latest security updates before