Hardening and Compliance for vSphere

For some time now vRealize Operations has been able to check the vSphere environment against VMware’s vSphere Hardening Guidelines – vRealize Operations vSphere Hardening.

More and more organizations have the need to meet certain regulatory requirements, namely PCI-DSS, HIPAA, and others. With the recent release of vRealize Operations 6.6 VMware has also introduced PCI-DSS and HIPAA compliance for vSphere. This is available to clients with vRealize Operations Advanced edition and higher.

Download and Install the Management Packs for PCI-DSS and HIPAA

Lets start by where you need to go to get this content. Simply go to VMware’s MarketPlace (also known as VMware Solution Exchange) https://marketplace.vmware.com. A simple search on PCI-DSS or HIPAA will get you to the vRealize Operations Management Packs.

Install the Management Pack(s) you desire. This is done in the ADMINISTRATION page under SOLUTIONS

Enable PCI-DSS and HIPAA compliance for vSphere

Now that the solution management packs are installed simply make sure they are turned on. This is done in the policy by enabling the alerts. Go to step 6 in the policy, and do two searches, the first for PCI DSS and the second for HIPAA

Change the STATE column from “Inherited Blocked” to “Local Enabled” to enable the alerts (essentially enabling the compliance checking)

Leveraging the vSphere Hardening Compliance dashboard you will now be able to see any alerts related to PCI DSS and HIPAA in addition to the already available (if turned on) vSphere compliance alerts.

Object Level View

From here you can also drill into an object check on it’s compliance posture!

Reports

After installing these solutions Management Packs you will notice that each has installed a compliance report. One for PCI-DSS and the second for HIPAA. This is a great way to check on your compliance posture and make sure that you are trending upwards with time (getting to PCI and HIPAA compliance doesn’t happen over night). Here’s a report snippet below.

vRealize Operations Current Standards Coverage

vSphere Hardening Guidelines for 5.5
vSphere Hardening Guidelines for 6.0
PCI DSS 3.2 for vSphere (as of July 2017 – download the management pack)
HIPAA for vSphere (as of July 2017 – download the management pack)
vSphere Hardening Guidelines for 6.5 (Management Pack is Planned, but I can’t provide any dates – sorry)

Summary

Want to harden your vSphere environment? Do you need to adhere to PCI-DSS or HIPAA regulatory requirements for your vSphere environment? Visit the VMware market place today! https://marketplace.vmware.com

PCI-DSS & HIPAA compliance with vRealize Operations

Hardening and Compliance for vSphere

Download and Install the Management Packs for PCI-DSS and HIPAA

Enable PCI-DSS and HIPAA compliance for vSphere

Object Level View

Reports

vRealize Operations Current Standards Coverage

Summary

Related Posts:

Hardening and Compliance for vSphere

Download and Install the Management Packs for PCI-DSS and HIPAA

Enable PCI-DSS and HIPAA compliance for vSphere

Object Level View

Reports

vRealize Operations Current Standards Coverage

Summary

Related Posts:

Related Articles

Introducing VMware Identity Manager Cluster Auto-Recovery in VMware Aria Suite Lifecycle 8.14

What’s New for VMware Cloud Foundation offering VMware Aria Operations for Networks 6.12

Image mapping management in Aria Automation with idem provider for Aria Automation.

VMware Tanzu Transformer at AWS re:Invent 2023

Discovering VMware Aria Operations for Networks with a Recap from VMware Explore Barcelona and Tokyo