A great question crossed my desk today from a customer. “Can a VI Admin who has root access to ESXi “abuse” their privileges and “peek” inside the guests of VM’s hosted on the server?”
The short answer? If your ESXi admin has root or full administrator privileges, they can do anything. Nobody should be surprised by this! HOWEVER, you can mitigate, limit and monitor what is being done.
But first, let’s quickly review what is meant by “peek inside the guest”. In the human world,
The VMware Mobile Knowledge Portal iOS and Android app has recently been updated. It sports a great new look and feel and makes finding the information you need even easier by grouping it by area in our SDDC vision.
I’m happy to announce the availability of a whitepaper that I had been working on for much of the past year. Since I joined VMware back in January of 2013, an almost weekly request was for a whitepaper that helps IT teams explain the security of the VMware vSphere hypervisor, a.k.a. ESXi, to a security professional.
Joining me will be Simon Mijolovic (we just call him “Simon”), the Staff Program Manager for virtual appliance security, and Greg Murray, Product Manager for, among many things, virtual appliances at VMware.
Simon will be going over the changes that were made to make our virtual appliances secure out of the box (91-95% DISA STIG compliant!).
Greg will be there to gather feedback on what YOU want to see out of our virtual appliances. Do NOT miss this opportunity to be heard by the folks that can do something about it!
I’m not sure what John Troyer @jtroyer was thinking when he handed me the keys to his baby for the day but I’m sure it will be fun and interesting! I hope you can join us whether it’s live on Talkshoe or later as a downloaded podcast!
A wrap-up of the podcast will be located on the podcast archives within a few days.
I’m looking forward to talking with many of you tomorrow!
I’m happy to report that the vSphere 5.5 Hardening Guide has been released for General Availability. My thanks to all that contributed their feedback to make this happen. The guide has been given a full makeover with regard to documentation references. I’m in Renate’s debt for those stellar contributions. Additionally, some guidelines have been removed and some new ones added.
Along with the guide, similar to the 5.1 release, I’m releasing a change log worksheet.
One thing to note, the “Profiles” column has been renamed “Risk Profiles”. This was done to bring to light the function of the column. I am frequently quizzed by IT administrators that have been told to “Implement the Hardening Guide”. As written, the Hardening Guide is a list of guidelines, not mandates. Please note that some guidelines in the Risk Profile 1 category can break functionality!
As with any security measure, these guidelines should not be applied in a blanket fashion. I would encourage IT administrators and security folks to work together and assess each guideline for applicability, risk management and impact to the business and operations. The Risk Profiles help to categorize the guidelines that could be applicable to your environment.
I’m working with the VMware web team to have the guide and the change log officially moved over to the Hardening Guide page on VMware.com. I will update the discussion in the Communities and post a reply to this blog article when that has been completed.
As always, your input is very valuable to me and VMware as a whole. If you have questions that can’t be asked in a public forum, reach out to me via email, mfoley-at-vmware.com. For more frequent updates to vSphere security news and facts, follow me on Twitter at @vSphereSecurity.
Part of my role at VMware is to work closely with our customers and partners, sharing experiences and feedback with internal VMware Product Management and Engineers to help make our products better. One area that has obviously received more focus than others over the last 12 months is vCenter Single Sign-On.
Due to this feedback, one of the drivers for the new vCenter Single Sign-On was to provide backwards compatibility, and to highlight this, a Knowledge Base article was recently released.
I’m happy to announce the availability of the vSphere 5.5 Hardening Guide Release Candidate. A SIGNIFICANT amount of documentation updates have been incorporated into the guide to really round it out. There have been some new additions and some deletions to the guide. All changes are documented in the changelog spreadsheet.
You can download the guide and the changelog here. All changes are color-coded in the changelog and within the RC release spreadsheet. The colors will be removed from the final GA document but will remain in the changelog.
I would encourage you to review the document and provide feedback ASAP. The goal is to release this for General Availability in the next week unless significant changes come in. You can reply to the discussion with your updates or contact me directly at mfoley @ vmware.com.
When the guide is released for GA, it will be uploaded to the normal location
Have you ever wondered how Roles and Permissions work using the vSphere Web Client? Here’s a great video brought to you by VMware Tech Pubs. Peter Shepherd does a great job in introducing you to Roles and Permissions and how to get the most out of them. He will lead you through the steps to create an administrator role for a specific virtual machine in four and a half minutes!