Security, Compliance and Audit for VMware vSphere Environments

VMware released the vSphere 5 Security Hardening Guide on June 1, 2012.  The guide provides customers with an exhaustive list of security guidelines and best practices, plus a set of scriptlets to help automate the application of the guidelines.  The guide is in Excel format and provides details on vulnerabilities, controls, assessment procedures, and remediation steps to harden VMware vSphere (including ESXi, vCenter, vNetworks, and VM’s). The guide is available for download here.  While customers with regulatory requirements (HIPAA, SOX, PCI, FISMA, etc.) will benefit most from this guide, … [Read more...]

Securing Your Virtual Infrastructure

Between budget cuts and New Year's resolutions, improving your security posture is probably near the top of your to-do list.  Much has been made of security concerns in a virtual environment, but it is always good to re-visit your configurations and make sure they are still on par with recommended best practices.  I began re-reviewing VI security best practices after reading at post by Bob Plankers at The Lone SysAdmin (Bob has been on my reading list for years - he has a great style and always brings fresh insights) on why you would want a second super-user account on your ESX servers. We … [Read more...]