Home > Blogs > VMware Security & Compliance Blog > Category Archives: Web/Tech

Category Archives: Web/Tech

vSphere 5.1 Hardening Guide goes mobile!

Posted on by

Hi,

It has been a couple of weeks since the release of the vSphere 5.1 Hardening Guide. Right around that time there was a call for updated content for the VMware Mobile Knowledge Portal app Well, I really wanted to see the updated Hardening Guide available on that  platform. That presented a challenge. For most customers, the format of releasing it as an Excel spreadsheet meets their need but have you looked at a spreadsheet on an iPad? Not a pretty sight.

Continue reading

VMware CP&C releases a FREE vSphere 5.0 hardening guideline compliance checker!

Posted on by

I am hanging out in NYC finishing Cloud Expo East where we delivered a rousing session on Cloud Audit & Control with Coalfire AND CP&C is now VERY pleased to announce the release of our FREE vSphere 5.0 compliance checker! Last week we rolled out the 5.0 hardening guidelines in vCenter Configuration Manager (vCM) making it the first product on the planet to have the 5.0 content for our customers. Today, we are giving you access to a FREE vSphere 5.0 compliance checker! How awesome is that?

It is so easy to download and use that you can run it while watching Euro Cup with the sound of GOOOOOOAAAAAALLLLLLLLL!!!!!!!!!! In the background!

 Here is how the vSphere 5.0 Compliance Checker works: 

  • The Compliance Checker runs an assessment on 5 host systems at a time! (The 1st five being managed by an instance of vCenter Server)

 

  • The assessment is based on a predefined subset of the 5.0 Hardening Guidelines Content that currently exist today in vCenter Configuration Manager (vCM) Part of the vCenter Operations Manager Suite (vCo Ps)

 

  • The results for each host includes the rules, the rule descriptions, and the success or failure of each rule

 

 Check out the following results report from the vSphere 5 Checker

ComplianceReport

All you have to do is authenticate into the vCenter box that you want to assess hosts on.

VSphereCC

The VMware Center for Policy & Compliance FREE Checkers are sweeter than bacon and designed to get you hooked & come back for more! 

Here is the link so you can get started hardening your vSphere Environment today. (Remember, we have FREE checkers for vSphere 4.0 & 4.1 AND for PCI 2.0 Windows & Linux)

http://www.vmware.com/go/free-compliance-check-for-vsphere

Next, look for CP&C to release a HIPAA Checker that will be hotter than the Miami HEAT!

Now this poses a few questions and we would love to get your feedback: 

1. Are free tools like this helpful?

2. How do you currently lock down your vSphere environment?

3. Would remediation of the non-compliance results be a good next step?

4. Do you care about regulatory compliance & vendor best practices? If so, which ones? (PCI, HIPAA, DISA, CIS…) 

Jump in the discussion on any of our social media channels – blogs, Twitter, Facebook, or community forum: 

 

Cambio y Fuera!

George Gerchow – Director, VMware Center for Policy & Compliance


 

VMware Center for Policy & Compliance (CP&C) releases vSphere 5.0 hardening guidelines in vCenter Configuration Manager! (vCM)

Posted on by

CP&C is pleased to announce the most anticipated content release to date in vCM, the VMware vSphere 5.0 hardening guidelines! As critical component of the vC Ops suite, vCM is the FIRST product in the market today to have the official GA version of the vSphere 5.0 Hardening Guidelines. This is just another significant step in our Trusted Cloud initiative in helping customers migrate tier one applications to the VMware Cloud Infrastructure Suite.

What does this mean to VMware vCM customers who want to make sure their virtual systems are compliant?

5 new rule groups and two brand new templates:

  VSphere 5.0 p1

 Brand new 5.0 hardening guideline collection filters:

VSphere 5.0 p2

Great executive compliance results and trending dashboards:

VSphere 5.0 p3

You can quickly move from Dashboards to details and see the out of compliance data classes, here is a small sample, there are so many that I cannot get a full coverage screen shot!

VSphere 5.0 p4

Add this DEEP virtualization compliance data to the rich cross platform, heterogeneous change detection, configuration\ patch management, best practices and regulatory compliance content vCM has today & you will be well on your way to successfully hardening your environment. (Yes, I did say Virtual, Physical, Windows, Linux, Servers, Desktops\ VDI…) This is better than bacon!

Whhheeeeewwwww, I ran of breath reading it back.

The guidelines are available today and can be downloaded using the vCM Content Wizard.

 Feel free to hit us up with questions & comments at:

Hasta La Vista,

George Gerchow – Director, VMware Center for Policy & Compliance

 

 

 

 

 

 

 

 

 

 

 

 

 


 

What’s New in Security at VMware.com

Posted on by

We’ve added some new things pertaining to security and compliance at the vmware.com web site, so I thought I’d highlight a few things to bring you up to date.

  • The new VMware Compliance Center includes an overview of the issues involved with
    virtualization and compliance, a comprehensive listing of partner
    virtualization compliance solutions, and references such as white papers
    and recorded webcasts.
  • There is a new listing of Free Security and Compliance Utilities.  These tools are provided by VMware partners, and can be downloaded and used right away to help assess and monitor your VI deployment
  • The Overview section of the Security Technology site has been updated to present the core issues of virtualization and security in a more streamlined way.  The Resources listing has also been enhanced to include more external resources.
  • Although not new, the VMsafe section had received some updates over the summer which you might not have seen.
  • Finally, something else that’s not new but worth pointing out is the Security Certifications page.  We will be listing all security-related certifications that VMware products receive, so you can check here to see ones we have received.

We’ll be adding new content to these pages over time, so please be sure to check back regularly.