As you are probably aware, back in October we unveiled the VMware vCenter Operations Management Suite designed to deliver integrated performance, capacity and configuration management for virtualized and cloud computing environments. What is less well known is that VMware vCenter Configuration Manager is the anchor for the “configuration” management capabilities within the suite. Having been part of Configuresoft for several years before it was first purchased by EMC and then sold to VMware, I feel a bit like a dad watching his baby grow up. The technology that was Configuresoft is at the heart of vCenter Configuration Manager.
With today marking the general availability of vCenter Configuration Manager 5.5, I am both excited and proud to see this one go out the door. vCenter Configuration Manager has always been a great solution for ensuring that Operating System software, whether Windows, Linux or Unix is properly configured to meet a broad range of security best practices, vendor hardening guidelines and regulatory mandates (think HIPAA, PCI, SOX etc). But with this release, vCenter Configuration Manager becomes an indispensable part of the VMware family – addressing core requirements of the Virtual Infrastructure teams looking to leverage the VMware Cloud Infrastructure Suite as the foundation for business critical workloads moving to the cloud.
The primary theme for vCenter Configuration Manager 5.5 release is “Cloud Ready”. New capabilities within this release significantly increase the ability of the Virtual Infrastructure team to ensure that their VMware Infrastructure is properly configured to meet the rigorous demands associated with virtualizing business critical workloads; including addressing requirements associated with VMware’s own hardening guidelines.
This new release dramatically increases the ability to track configuration changes and to assess configuration compliance across the VMware Infrastructure including ESX, ESXi, vCenter, vCloud Director and vShield products. There are also a substantially greater number of new configuration actions that can be executed against vCenter and ESX, ESXi configurations. These configuration actions can be executed against a single object or in bulk against multiple objects spanning multiple vCenters. They can be executed as part of an organization’s general configuration management processes or as part of a configuration compliance program.
The enhancements to vCenter Configuration Manager 5.5 put tremendous visibility and control at the fingertips of the Virtual Infrastructure team responsible for VMware Infrastructure. To help illustrate this I have included an example of how vCenter Configuration Manager can help manage configuration changes across the VMware Infrastructure (Figure 1). This particular high level dashboard is focused on the Virtual Infrastructure team and shows all changes that have occurred across the VMware Infrastructure for a specific time period.
You can quickly drill down into any of these dashboards to investigate anything of interest or concern. In this example I’ve drilled down into a specific vCenter (Figure 2) to understand a change associated with the “client.timeout.normal” setting. I can see that this setting has been changed from 60 seconds to 10 which I know is out of compliance with operational best practices for vCenter (which calls for this setting to be equal or greater than 60 seconds).
In addition to the ability to see and understand prior changes, vCenter Configuration Manager provides the ability to change configuration settings across the VMware infrastructure (Figure 3). I can do this for a single object or for multiple objects. Bulk configuration changes can be directed across objects that span vCenters.
Finally (Figure 4) I can proactively manage configurations through compliance where I create rules and templates (collections of rules) for any configurations I want to ensure are uniformly applied across my entire virtual data center or subsets of “like objects” in my data center. vCenter Configuration Manager comes with a rich set of templates out-of-the box that can be used as is or as the starting point for the development of your own internal best practices.
The new capabilities of vCenter Configuration Manager 5.5 significantly increase the value delivered to customers purchasing the vCenter Operations Management Suite Enterprise Edition where today vCenter Configuration Manager is included to address critically important use cases associated with “hardening” the VMware Cloud Infrastructure Suite.
Other significant enhancements to vCenter Configuration Manager in this release include:
- Ability to create machine groups within vCenter Configuration Manager based on organizational constructs (clusters, virtual datacenter, application trust zones) within vCenter, vCloud Director and vShield.
- Support for configuration and compliance management for virtualization specific constructs such as templates and offline VMs (via VMware vCenter Orchestrator workflows delivered separate from the release)
- The ability to snapshot a VM before making a configuration change
- Support for the “Security Content Automation Protocol” (version 1.0) – important to federal agencies
- A new REST based API that will allow vCenter Configuration Manager to more fully participate in VMware and 3rd party ecosystem solutions
Early feedback from customers involved in beta testing has been extremely positive. The increased ability of vCenter Configuration Manager to harden the VMware Infrastructure combined with the existing strength of the product to harden the Operating System (Windows, Linux, Unix) make vCenter Configuration Manager fundamental to clouds built on VMware technology. More information can be found by visiting the vCenter Configuration Manager page on VMware.com. Also, be sure to download the free vSphere Compliance Checker which will help you better understand the value that vCenter Configuration Manager delivers to organizations looking to move business critical workloads to the cloud.
- on the Security & Compliance Blog or the Virtualization Management Blog
- on Twitter: @georgegerchow and @vmwaremgmt
- on Facebook: IT Management
- at the Management Mastery site
- and at the Management Mastery Forum
Peace Out!
George Gerchow, Director, VMware Center for Policy and Compliance
