Hardening and Compliance for vSphere

For some time now vRealize Operations has been able to check the vSphere environment against VMware’s vSphere Hardening Guidelines – vRealize Operations vSphere Hardening.

 

More and more organizations have the need to meet certain regulatory requirements, namely PCI-DSS, HIPAA, and others.  With the recent release of vRealize Operations 6.6 VMware has also introduced PCI-DSS and HIPAA compliance for vSphere.  This is available to clients with vRealize Operations Advanced edition and higher.

 

 

Download and Install the Management Packs for PCI-DSS and HIPAA

Lets start by where you need to go to get this content.  Simply go to VMware’s MarketPlace (also known as VMware Solution Exchange)  https://marketplace.vmware.com.  A simple search on PCI-DSS or HIPAA will get you to the vRealize Operations Management Packs.

 

Install the Management Pack(s) you desire.  This is done in the ADMINISTRATION page under SOLUTIONS

 

Enable PCI-DSS and HIPAA compliance for vSphere

Now that the solution management packs are installed simply make sure they are turned on.  This is done in the policy by enabling the alerts.  Go to step 6 in the policy, and do two searches, the first for PCI DSS and the second for HIPAA

Change the STATE column from “Inherited Blocked” to “Local Enabled” to enable the alerts (essentially enabling the compliance checking)

 

Leveraging the vSphere Hardening Compliance dashboard you will now be able to see any alerts related to PCI DSS and HIPAA in addition to the already available (if turned on) vSphere compliance alerts.

 

 

Object Level View

From here you can also drill into an object check on it’s compliance posture!

 

 

Reports

After installing these solutions Management Packs you will notice that each has installed a compliance report.  One for PCI-DSS and the second for HIPAA.  This is a great way to check on your compliance posture and make sure that you are trending upwards with time (getting to PCI and HIPAA compliance doesn’t happen over night).  Here’s a report snippet below.

 

 

 

vRealize Operations Current Standards Coverage

 

 

Summary

Want to harden your vSphere environment?  Do you need to adhere to PCI-DSS or HIPAA regulatory requirements for your vSphere environment?  Visit the VMware market place today!  https://marketplace.vmware.com