VMwarewolf » Security

New vSphere 4.0 Hardening Guide

VMwarewolf — Mon, 19 Apr 2010 17:54:09 +0000

Hot off the presses today folks is VMware’s new vSphere 4.0 Hardening Guide.

http://blogs.vmware.com/security/2010/04/vsphere-40-hardening-guide-released.html

This guide represents a new approach to providing security guidance from VMware. As compared with the previous VI3 Hardening Guides, the current guide has the following highlights.

Structure: this version uses a standardized format, with formally defined sections, templates, and reference codes. The goal is to increase clarity and reduce ambiguity, make it easier to reference individual guidelines, and most of all, enhance the ability to automate guideline enforcement.
Recommendation levels: in following with the formats used by NIST, CIS, and others, this guide categorizes all guidelines into three security levels. Instead of recommending a single set of guidelines for all environments, this guide encourages more of a risk-based approach, so that individual administrators can decide which guidelines apply to their environment.

Overall, there are more than 100 guidelines, with the following major sections:

Introduction
Virtual Machines
Host (both ESXi and ESX)
vNetwork
vCenter
Console OS (for ESX only)

This post brought to you by VMwarewolf

New vSphere 4.0 Hardening Guide

ESX Patches

VMwarewolf — Fri, 29 May 2009 13:36:47 +0000

A new bunch of patches for ESX 3.5 and 3.0.x were posted this week from VMware. If you’re still in the old Virtual Infrastructure 3 world, you might want to look in to the latest patches as they contain security and critical updates.

Patch Download and Installation

See the VMware Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX Server 3.5 hosts.

To update ESX Server 3.5 hosts when not using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.

This post brought to you by VMwarewolf

ESX Patches

Understanding VMware Roles and Permissions

VMwarewolf — Mon, 24 Nov 2008 20:14:59 +0000

VMware Virtualcenter roles and permissions are one of the most commonly misunderstood aspects of Virtual Infrastructure 3. We constantly receive calls into tech support asking how-to assign the appropriate rights to users and their virtual machines, clusters, etc.

A new article I saw on VIOPS today that helps one understand some of the basic premises of permissions and roles. Sometimes a good overview like this one, written from thirty-thousand feet, helps one solidify VMware’s security model in one’s mind. The article is broken down into major sections:

Concepts
Definitions
Datastores and Networks have no direct privileges
Definitions
VMs inherit privileges from two sources
Clusters and Hosts implicitly are resource pool
Privileges Needed to Create a Virtual Machine
Privileges Needed for various Inventory Manipulations

Anything to help understand VMware’s roles and permissions is a good thing. Read VI3 Roles and Permissions

Concepts behind this are explained in the paper Management VirtualCenter Roles and Permissions.

This post brought to you by VMwarewolf

Understanding VMware Roles and Permissions