First of all, I am very sorry for the long period of time between the previous episode and this follow-up. In the previous post, documents related to security and hardening like “vSphere Security Guide” and “VMware vSphere Security Hardening Guide” were discussed.
An overview of some tools for checking vSphere compliance:
- vCenter Configuration Manager
- Free Compliance checkers for vSphere
- Third party tools
vCenter Configuration Manager (vCM)
vCM is a component of vCOM (vCenter Operations Management Suite) and can be used to continuously assess the configuration compliance of physical and virtual environments, like VMware vSphere, Windows and Linux operating systems.
Assessments can include IT-defined internal standards, security best practices, vendor hardening guidelines (like the VMware vSphere Security Hardening Guide) and regulatory mandates like HIPAA, PCI and SOX.
The downside is that vCM is not free, but you can download a trial; in fact, you will download vCOM. More information on vCM, vCOM and links to the free Compliance Checkers can be found here.
Free Compliance checker for vSphere
Five free compliance checkers are available. These compliance checkers are not trial versions, but reveal some of the options of vCM. They can be found here.
- vSphere 5.0 VMware Hardening Guidelines Checker
- vSphere 4.1 VMware Hardening Guidelines Checker
- vSphere 4.0 VMware Hardening Guidelines Checker
- PCI 2.0 Compliance Guidelines Checker
- VMware HIPAA Compliance Checker for Windows and Linux
Note that versions for vSphere 5.1 (and 5.5) are not available.
The free compliance checkers run on any version of Windows. Depending on the compliance checker selected, you can point it to a vCenter Service instance to collect compliance data from up to five different ESXi hosts or five VMs with Windows or Linux operating systems.
A demonstration of the vSphere 5.0 VMware Hardening Guidelines Checker can be seen here.
This post also demonstrates the use of the “vSphere 5.0 VMware Hardening Guidelines Checker” and shows how to resolve some issues.
Third party tools
For quite some time, VMware employee William Lam, owner of the famous “virtuallyGhetto”, has maintained the “vSphere Security Hardening Report Script”. The latest edition for vSphere 5.1 can be found here. The page also contains a link to the download location. Very detailed instructions on how to run the script are available. Really great work!
For people running products from Tenable, like the well-known Nessus vulnerability scanners, here is some news. In late April, Tenable released three new auditing files, which provide over 200 checks. For more information, read this announcement.
This concludes our overview of some tools available for checking the compliance of your environment. In a follow-up, we will evaluate some of these tools.
As always, I thank you for reading, and I welcome your comments.
This post is the second part in a series about vSphere hardening. See also:
Part 1 vSphere Hardening, Introduction
Part 2 vSphere Hardening, Available Tools
Part 3 vCenter Configuration Manager – Installation
Part 4 vCenter Configuration Manager – Configuration
Part 5 vCenter Configuration Manager – The Videos
Part 6 vCenter Configuration Manager – First Run