
Announcing vSphere 4.0 Hardening Guide Public Draft Release

VMware would like to announce the availability of a public draft of the vSphere 4.0 Security Hardening Guide. This guide represents a new approach to providing security guidance from VMware. Compared with the previous VI3 Hardening Guides, the current guide has the following highlights:

  • Structure: this version uses a standardized format, with formally defined sections, templates, and reference codes.  The goal is to increase clarity and reduce ambiguity, make it easier to reference individual guidelines, and most of all, enhance the ability to automate guideline enforcement.
  • Recommendation levels: in keeping with the formats used by NIST, CIS, and others, this guide categorizes all guidelines into three security levels. Instead of recommending a single set of guidelines for all environments, this guide encourages a more risk-based approach, so that individual administrators can decide which guidelines apply to their environment.

Overall, there are more than 100 guidelines. The guide itself is split into the following major sections:

  • Introduction
  • Virtual Machines
  • Host
  • vNetwork
  • vCenter
  • Console OS (for ESX)

The Introduction section describes the structure, recommendation levels, and other aspects of the guide in more detail.

Another new aspect of the guide is the desire to create it with input from the VMware community. This draft is available for public comment for a period of approximately one month. VMware’s intention is to incorporate public feedback into the next revision of the guide, which will be the final version. However, this current revision is the result of a private review of an initial draft, and so we believe that the final version will not differ too significantly. This revision can therefore be used for customer production deployments today, with the caveat that some new guidelines might be added and some existing ones slightly modified.

We invite anybody who’s interested to download the draft, analyze it, and provide comments. Items for which additional feedback from the community is desired are indicated in the text of the guide, e.g. in italics/highlighted, with a “TODO” label, or in a subsection titled “To Be Addressed”.

The sections of the guide have been posted to the VMware Communities in the “Security and vShield Zones” area. They can be found in the Documents tab. For each section, please provide feedback in the Comments area for the specific document.


About Charu Chaubal

Charu Chaubal is the Director of Technical Marketing for the Cloud Platform Business Unit at VMware, and runs the team that works on the vSphere product line. He has been at the company since 2006, and has been responsible for customer education and sales enablement for a wide range of datacenter technologies, such as hypervisor security, hyperconverged storage, and virtualization of data science applications. Previously, he worked at Sun Microsystems, where he had over 7 years of experience architecting distributed resource management and HPC infrastructure software solutions.