Recently, I was involved in a project and tasked with the design and implementation of a small vSphere Cluster, shared storage and a backup solution. One day, I was asked to take care of “hardening the environment”. So my first question was, “What are the requirements?” I explained that “Hardening” is part of a much larger concept known as “Security Design”. In the process of creating a good design, you must be aware of the impact of design decisions, because most decisions are irreversible, or will cost you a lot of extra money.
The end of the story: unknown requirements, time pressure, and a customer who could perform a security audit in the near future.
So it is time to repeat what I have learned during the “vSphere Security Design Training”, review my design and make sure we will be compliant at any time.
Over the years, VMware has released documents that can help you build a secure environment. First of all, there is the “vSphere Security Guide”; the latest 5.1 release is here. This guide presents in-depth information on subjects like:
- Securing the ESXi hosts, Management interface and the ESXi shell.
- The Lockdown mode.
- ESXi and vCenter authentication and User management.
- Installation of SSL certificates.
- Securing Virtual Machines.
- Securing vCenter Server.
- Best Practices for Virtual Machine and ESXi host security.