
Category Archives: Security

vCenter Server 6.0 Update 1 Single Sign On and SSLv3


vSphere 6.0 Update 1 is out and there are lots of great updates. One that I think many will be interested in is SSLv3 as it relates to Single Sign-On. From the Update 1 Release Notes:

SSLv3 protocol disabled by default on port 7444 in vCenter Server 6.0 Update

When you install vCenter Server 6.0 Update 1, the SSLv3 protocol is disabled on port 7444 by default. When you upgrade from an earlier release of vCenter Server to vCenter Server 6.0 Update 1, the SSLv3 protocol remains enabled on port 7444. Workaround: To disable SSLv3 on port 7444 see KB 2131310


The vSphere 6.0 Learning Path at VMworld

VMworld US is only 3 weeks away, and by now you are probably going through the Content Catalog and using Schedule Builder to create your own personal agenda. Since vSphere is still a very popular topic among our customers, particularly with the release of vSphere 6.0 earlier this year, I decided to provide a list of sessions on vSphere 6.0 that are being presented at this year’s show. This list is organized by type of session, so you can decide which ones best suit your needs.

Sessions on vSphere 6.0 Deployment

Deep Dives into specific features of vSphere 6.0

Hands-on Labs on vSphere 6.0

Of course, there are a lot of other great sessions that go into more general (version-independent) vSphere topics, but these are the sessions to attend if you want to learn specifically about the latest version. Don’t forget also to visit the VMware booth in the Solutions Exchange, where you can see demos of vSphere 6.0 features (plus a lot of other surprise goodies too).  I hope you have a great VMworld!

Recommended vSphere-focused Security Sessions at VMworld 2015

Hi everyone,

Here’s a quick blog post for you as you’re going through the VMworld Schedule Builder for VMworld 2015. Below is a list of security sessions that are primarily focused on vSphere Security. The NSX guys have a whole other laundry list of awesome sessions but for now, we’re going to focus on vSphere. Let’s get started!

I’m going to group these by their presenters.

Mike Foley

INF4758 – vSphere 6 Security Update Tuesday at 12:30pm
Get updated on what’s new in vSphere from a security perspective. You’ll get an overview of things like the new Lockdown Mode, an introduction to the big changes in vSphere security certificate management and the big changes that were made to the vSphere Hardening Guide.

INF5177 – vSphere Security: Fact .vs. Fiction (A 2014 repeat, back by popular demand!) Wednesday at 4pm
Is your security guy on your case about vSphere Security and thinks “VM Escape” is the primary threat? Learn the facts vs the fiction about security threats and come away feeling empowered to have “that” discussion with your security guy. Better yet, bring him along!

INF5539 – Infrastructure Security Panel Discussion Wednesday at 10am
Industry IT and Security experts get together and talk about the challenges, concerns and goings-on in virtualization and cloud security. The panel consists of folks from Financial and Healthcare, Federal government, Enterprise security and auditing and yours truly. Come prepared to ask questions!

INF6396-GD Platform Security with Mike Foley Wednesday at 11am
This is a group discussion where YOU are the content! No death by PowerPoint, just me facilitating a roundtable discussion of you and your peers. We’ll talk about vSphere security and share tips and tricks.

EXPERTSMFO – Meet the Experts with Mike Foley Tuesday at 3pm
Here’s your chance for some one on one time! In my opinion this is one of the most under-utilized opportunities at VMworld. Take advantage of it! Book some time and let’s talk! If you’re looking for a discussion on network security and NSX however, please book time with those folks. Book this and other Meet The Experts sessions when you get to VMworld. It’s usually at the top of the first escalator in Moscone West.

Yuecel Karabulut

INF5339 – Protect your VM data with VM Encryption for vSphere and vCloud Air
I can’t say any more than “Get up early and get to this session”. Seriously, I can’t say any more!

Ryan Johnson and Adam Eckerle

INF4529 – VMware Certificate Management for Mere Mortals
Take two talented IT guys with TONS of real-world customer experience and toss them together with the new vSphere 6 certificate story and you get a great discussion on certs for the everyday IT guy.

Johnny Ferguson

INF4946 – vSphere 6 Security Deep Dive: Certificates and Identity
You asked for it and you’re getting it. This is the session for deep diving into vSphere certificate management and identities. Johnny is the Product Manager for Identity Management, SSO and certificate management.

Bob Wehrfritz

SDDC6404-QT – The future of Trust and Security
VMware customers range from small to HUGE. All of them (I would hope!) have concerns about security. Some of these concerns can be addressed in some of the sessions listed here. When you need to go even further and dive into the nitty-gritty and bits and bytes, VMware’s Security Group is now there with a new program just for you. Check out what Bob has to share and visit the VMTA folks in the VMware booth!

Hands On Labs!

Check out both HOL-SDC-1610 and HOL-SDC-1620 to check out some security features as part of the vSphere HOL and get hands on with different security features of vSphere. For more information, visit the VMworld 2015 Hands On Labs site.

There you have it. It’s GREAT to see how much security on the vSphere platform itself has grown and continues to grow. As you’re building out your personal catalog of sessions and want to learn the soup to nuts on certificates, start with my session INF4758, then check out Ryan and Adam’s session INF4529 and wrap it up with Johnny’s mind-blowing session INF4946.

Enjoy and see YOU at VMworld 2015!

Custom certificate on the outside, VMware CA (VMCA) on the inside – Replacing vCenter 6.0’s SSL Certificate

A customer recently asked me “How do I replace the “external” SSL certificate of vCenter but still use VMCA in default mode?” Ever curious, I asked “Why?”. His security team required that any “externally” facing management web pages needed to have a custom certificate that chained up to the corporate PKI. But behind that, they were totally cool with using VMCA in default mode (with the self-generated root certificate) for things like ESXi servers and solution users.


Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.0

In this blog post we will go over the steps outlined in the VMware Knowledgebase article 2112009 for the creation of Machine SSL and Solution User certificates in a Microsoft Certificate Authority (CA). The next blog on replacing the Machine SSL certificate will reference this blog.


vSphere 6 Hardening Guide GA now Available

It’s time to release the vSphere 6.0 Hardening Guide! As I mentioned back in April, there are a lot of changes that have been made. In talking with customers and auditors in detail for the past year, the conclusion was reached that the Hardening Guide was

  1. Difficult to understand
  2. Contained a mix of
    • Operational Guidance – How you use the product in your environment
    • Programmatic Guidance – What settings should be applied OR audited

Basically, it was NOT easy to implement. And if security is too difficult to implement, people will either not do it or will do it poorly.


vSphere with Operations Management Product Walkthroughs

If you’ve ever tried to watch a product demo video, or tried to use it to show a product to someone else, you often find yourself trying to pause the video at the exact right moment, and then having to scrub backwards or forwards because you missed the timing. At VMware we’ve created an alternative way of showing demos, which we call Product Walkthroughs. These are web-based demos that let you walk through a scenario screen-by-screen, at your own pace. Each screen has annotations to explain what’s going on and markups that highlight important parts of the screen, both of which can be turned off if you want a clean view.

Although we have created Product Walkthroughs for numerous products and solutions, the ones I want to focus on are for vSphere 6 and vSphere with Operations Management.  Both of these provide a great way to learn about these products and their features at your own pace, as well as to show how something works to your colleagues (or bosses).  The one on vSphere 6 highlights the features in this major new release, with sections on:

and more.

The vSphere with Operations Management product walkthrough provides an in-depth look at all the features of its two major components, vSphere and vRealize Operations, including

So, check them out and let us know what you think!

Let Us Wow You with vSphere 6

Not yet on vSphere 6?  Join us for a webcast to learn why you should be.  Starting June 2nd, 2015 and recurring every other Tuesday at 9AM, join the vSphere product experts to learn what’s new and exciting about vSphere 6!  A different topic will be covered each session and time will be allocated at the end of each webcast for Q&A.

Please always check the latest schedule each week as topics may change and sessions may be added or removed.


vSphere 6 Security Update

Recently I was asked by the vBrownbag community to present on vSphere 6 security. vBrownbag is a community-led podcast series that features online webinars covering various Virtualization and VMware Certification topics, all led by members of the community. It’s an outstanding resource if you are looking to achieve certification or are just in the mood to learn. Read on to see how this webinar went and view for yourself.


vSphere Hardening Guide 6.0 Public Beta 1 available

I’m happy to announce that the vSphere 6 Hardening Guide Public Beta 1 is now available.

The guide is being provided as an Excel spreadsheet. I’m also making a PDF doc available for easier viewing. In addition, I’ve also included an Excel spreadsheet of the guidelines that have moved out of the guide and into documentation. THIS IS INCOMPLETE. We are still working on some of that content. (That’s why this is a beta!)

Please read the blog on the changes that have happened to the guide. LOTS of changes and the blog will explain.

vSphere 6.0 Hardening Guide – Overview of coming changes | VMware vSphere Blog – VMware Blogs
