vSphere Hardening – Part 2


First of all, I am very sorry for the long period of time between the previous episode and this follow-up. In the previous post, documents related to security and hardening, like the “vSphere Security Guide” and the “VMware vSphere Security Hardening Guide”, were discussed.

In this part, I will discuss some tools that can help you in the assessment of your environment.

An overview of some tools for checking vSphere compliance:

  • vCenter Configuration Manager
  • Free Compliance checkers for vSphere
  • Third party tools

vCenter Configuration Manager (vCM)

vCM is a component of vCOM (vCenter Operations Management Suite) and can be used to continuously assess the configuration compliance of physical and virtual environments, like VMware vSphere, Windows and Linux operating systems.
Assessments can include IT-defined internal standards, security best practices, vendor hardening guidelines (like the VMware vSphere Security Hardening Guide) and regulatory mandates like HIPAA, PCI and SOX.

The downside is that vCM is not free, but you can download a trial; in fact, you will download vCOM. More information on vCM, vCOM and links to the free Compliance Checkers can be found here.


Driver Mania


In recent months, I was asked to investigate a few vSphere clusters suffering from poor storage performance. These investigations start with a validation of the ESXi hosts, continue with the storage switches and end with the storage.

In this post, I will not walk you through the whole process, but I want to highlight one aspect that in some cases can be overlooked. Most readers will know that for many devices, firmware and device drivers can make a difference. In my opinion, the same goes for the hypervisor. It is a good idea to check for the latest drivers and firmware for NICs and storage controllers on an ESXi host.
