vSphere Hardening – Part 1


Recently, I was involved in a project and tasked with the design and implementation of a small vSphere Cluster, shared storage and a backup solution. At one day, I was asked to take care of “hardening the environment”. So my first question was, “What are the requirements?” I explained that “Hardening” is part of a much larger concept known as “Security Design”. In the process of creating a good design, you must be aware of the impact of design decisions, because most decisions are irreversible, or will cost you a lot of extra money.Hardening-P1-01
The end of the story; unknown requirements, time pressure and the customer could perform a security audit in the near future.

So time to repeat what I have learned during the “vSphere Security Design Training”, review my design and make sure we will be compliant at any time.

Over the years, VMware released documents that can help you building a secure environment. First of all, the “vSphere Security Guide”, the latest 5.1 release is here. This guide presents in-depth information on subjects like:

  • Securing the ESXi hosts, Managements interface and the ESXi shell.
  • The Lockdown mode.
  • ESXi and vCenter authentication and User management.
  • Installation of SSL certificates.
  • Securing Virtual Machines.
  • Securing vCenter Server.
  • Best Practices for Virtual Machine and ESXi host security.

Read the rest of this entry »

Unable to login to vCenter Chargeback Manager


I was not able to use the vCenter Chargeback Manager in my home lab for a while. After booting the server, the login window showed this message: “An error has occurred. Please contact the system administrator or try again later”.

CBM-login-01Figure 1

After a quick search on the Internet, I have found VMware KB 1030532, unfortunately, it is not applicable in this situation.
Another source is the “Best practices and Troubleshooting Guide for vCenter Chargeback Manager 2.0.0.”. Page 23 presents a similar problem, as a probable cause it points to the database, which may has run out of disk space.

Read the rest of this entry »