VMware vSphere hardening guide and best practices guide
How to build secured data centers? The question almost every admin had to face. It can be approached many ways, starting with 3rd party consultants coming to the IT floor ending by following complicated certification standards like HIPAA. VMware vSphere is often implemented with default configurations. And, once deployed, many vSphere implementations are not regularly evaluated to determine potential improvements in terms of VMware security standards.
VMware hardening standards
VMware Security Hardening Guides were created by VMware experts and provide prescriptive guidance for customers on how to deploy and operate VMware products in a secure manner. Guides for vSphere are normally provided in spreadsheet format, with rich metadata to allow for guideline classification and risk assessment. They also include script examples for enabling security automation. Implementing VMware security hardening is very time consuming and requires continuous validation of the implementation as the environment configuration changes. Thankfully, there is a tool which can script and automate VMware Security Hardening standards.
VMware hardening implementation tool
One of the Runecast Analyzer feature is VMware Security Hardening Guides automation. The Analyzer scans vSphere datacenter with all the ESXi hosts, vCenter servers and virtual machines. It uses extensive database of VMware Security Hardening checks and it applies thousands of combinations on data center environment. The result is the list VMware hardening rules which are already successfully applied and also those who need to be implemented. The entire scan doesn’t take more than a minute or two and can be scheduled periodically to report configuration changes against VMware Security Hardening Guides.
See how many KBs are applicable in your environment