Hardening and Compliance for vSphere
For some time now vRealize Operations has been able to check the vSphere environment against VMware’s vSphere Hardening Guidelines – vRealize Operations vSphere Hardening.
More and more organizations have the need to meet certain regulatory requirements, namely PCI-DSS, HIPAA, and others. With the recent release of vRealize Operations 6.6 VMware has also introduced PCI-DSS and HIPAA compliance for vSphere. This is available to clients with vRealize Operations Advanced edition and higher.
Download and Install the Management Packs for PCI-DSS and HIPAA
Lets start by where you need to go to get this content. Simply go to VMware’s MarketPlace (also known as VMware Solution Exchange) https://marketplace.vmware.com. A simple search on PCI-DSS or HIPAA will get you to the vRealize Operations Management Packs.
Install the Management Pack(s) you desire. This is done in the ADMINISTRATION page under SOLUTIONS
Enable PCI-DSS and HIPAA compliance for vSphere
Now that the solution management packs are installed simply make sure they are turned on. This is done in the policy by enabling the alerts. Go to step 6 in the policy, and do two searches, the first for PCI DSS and the second for HIPAA
Change the STATE column from “Inherited Blocked” to “Local Enabled” to enable the alerts (essentially enabling the compliance checking)
Leveraging the vSphere Hardening Compliance dashboard you will now be able to see any alerts related to PCI DSS and HIPAA in addition to the already available (if turned on) vSphere compliance alerts.
Object Level View
From here you can also drill into an object check on it’s compliance posture!
Reports
After installing these solutions Management Packs you will notice that each has installed a compliance report. One for PCI-DSS and the second for HIPAA. This is a great way to check on your compliance posture and make sure that you are trending upwards with time (getting to PCI and HIPAA compliance doesn’t happen over night). Here’s a report snippet below.
vRealize Operations Current Standards Coverage
- vSphere Hardening Guidelines for 5.5
- vSphere Hardening Guidelines for 6.0
- PCI DSS 3.2 for vSphere (as of July 2017 – download the management pack)
- HIPAA for vSphere (as of July 2017 – download the management pack)
- vSphere Hardening Guidelines for 6.5 (Management Pack is Planned, but I can’t provide any dates – sorry)
Summary
Want to harden your vSphere environment? Do you need to adhere to PCI-DSS or HIPAA regulatory requirements for your vSphere environment? Visit the VMware market place today! https://marketplace.vmware.com
