Subscribe to the Non-Human & AI Identity Journal

How should teams govern VM migration when VMware and OpenShift Virtualization run together?

Treat the transition as a hybrid governance state, not a simple infrastructure swap. Define who owns protection, recovery, and access decisions for each workload phase, then align policies so VMware, OpenShift Virtualization, and container environments are controlled consistently until the migration is complete.

Why This Matters for Security Teams

When VMware and OpenShift Virtualization run side by side, the main risk is not just duplicated infrastructure. It is split governance across a shared workload estate. A migrated VM may still depend on legacy snapshots, backup jobs, service accounts, firewall rules, and change windows while the destination platform introduces new access paths and policy controls. Without one operating model for protection, recovery, and access, teams create blind spots that attackers and outages exploit.

This is where NHI governance becomes part of migration governance. Service accounts, API keys, automation tokens, and backup credentials often survive long after the workload changes platforms. NHIMG research shows that only 5.7% of organisations have full visibility into their service accounts, and that gap matters even more during hybrid cutover because identity sprawl increases fast. The governance lesson in Ultimate Guide to NHIs is that lifecycle control must follow the workload, not the hypervisor.

Security teams should treat this as a control-plane transition, not a lift-and-shift event. Current guidance from NIST Cybersecurity Framework 2.0 supports that posture by tying governance, access, and resilience to business risk rather than platform labels. In practice, many security teams encounter privilege drift only after a migrated VM is already operating with overlapping access paths and inconsistent recovery ownership.

How It Works in Practice

Hybrid governance works best when each workload phase has a named owner and a single policy baseline. That baseline should define who approves access, who can recover the workload, where secrets live, how change is recorded, and when the old platform loses authority. The transition period is the hardest part because VMware, OpenShift Virtualization, and container services may all be needed for the same application family.

Practical controls usually include:

  • Map every VM to a migration state: source, in-flight, cutover, or retired.
  • Assign one control owner for backup, one for identity, and one for platform operations.
  • Inventory all non-human identities tied to the VM, including automation users, snapshot tools, and monitoring agents.
  • Rotate or re-issue secrets before and after cutover so old platform credentials do not remain valid.
  • Align RBAC, change approvals, and break-glass access across both environments until decommissioning is complete.

For workload identity, the important question is not whether the VM runs on VMware or OpenShift Virtualization, but whether its administrative actions are provably authorised at runtime. That is why lifecycle controls from the Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs are relevant here. They reinforce offboarding, rotation, and access review as continuous activities instead of one-time migration tasks.

Where teams have mature governance, they also reconcile telemetry and audit evidence across both stacks so protection and recovery decisions remain defensible. The Ultimate Guide to NHIs — Regulatory and Audit Perspectives is useful because migration evidence often needs to show not only what moved, but who retained access and for how long. These controls tend to break down when the same credential is used by backup automation, platform administration, and application deployment because ownership becomes impossible to prove cleanly.

Common Variations and Edge Cases

Tighter migration governance often increases operational overhead, so organisations have to balance speed against assurance. That tradeoff is real when the same application family includes critical VMs, test clones, and newly containerised services, because a single policy may not fit every phase equally well.

Best practice is evolving on how much policy convergence is enough during parallel operation. Some teams keep VMware and OpenShift Virtualization controls aligned only at the decision points that matter most, such as identity, logging, encryption, and backup retention. Others push for nearly identical control language across both platforms to reduce audit friction. There is no universal standard for this yet, but the direction is clear: the governance model should be workload-centric, not platform-centric.

Edge cases include applications with hardcoded credentials, legacy backup tools that cannot separate source and destination permissions, and disaster recovery designs that still depend on the old hypervisor after cutover. Those situations need explicit exception handling, time-boxed access, and documented retirement dates. NHIMG research on Top 10 NHI Issues is especially relevant because migration often exposes stale secrets and excessive privileges that were already present but invisible. The model fails when teams assume the old platform can be trusted to self-retire while the new platform is already live.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
NIST CSF 2.0 GV.OC, PR.AA, PR.IR Hybrid migration needs shared governance, access, and resilience decisions.
OWASP Non-Human Identity Top 10 NHI-01 Migration exposes service accounts, secrets, and offboarding gaps.
NIST SP 800-63 AAL2 Strong identity assurance matters for admin and automation access during transition.
NIST Zero Trust (SP 800-207) SC-7, AC-6 Zero Trust supports segmented access while both platforms operate together.
CSA MAESTRO GOV-01 Agentic and automated orchestration during migration needs clear governance.

Define ownership, access, and recovery controls for each migration phase and keep them consistent across platforms.