Monthly Archives: April 2010

vSphere 4.0 Hardening Guide Released

VMware would like to announce the availability of the final release of the vSphere 4.0 Security Hardening Guide.  This version incorporates the extensive feedback from the VMware community on the previous draft release, which was published in January.  We would like to thank all the people who took the time to go through the draft release and provide their comments.

This guide represents a new approach to providing security guidance from VMware. As compared with the previous VI3 Hardening Guides, the current guide has the following highlights.

  • Structure: this version uses a standardized format, with formally defined sections, templates, and reference codes.  The goal is to increase clarity and reduce ambiguity, make it easier to reference individual guidelines, and most of all, enhance the ability to automate guideline enforcement.
  • Recommendation levels: in keeping with the formats used by NIST, CIS, and others, this guide categorizes all guidelines into three security levels.  Instead of recommending a single set of guidelines for all environments, this guide encourages more of a risk-based approach, so that individual administrators can decide which guidelines apply to their environment.

Overall, there are more than 100 guidelines, with the following major sections:

  • Introduction
  • Virtual Machines
  • Host (both ESXi and ESX)
  • vNetwork
  • vCenter
  • Console OS (for ESX only)

The Introduction section describes the scope, structure, recommendation levels, and other aspects of the guide in more detail.  Please read this section first before diving into the rest of the guide, as it provides important context.

Although this version of the guide can be considered as "final" and appropriate for use in production environments, we recognize that there is always room for improvement.  We will continue to welcome comments and corrections on this guide, and we will publish updated versions of the guide from time to time as feedback is accumulated.  This feedback of course will also be incorporated into the hardening guide for future releases of vSphere.

The vSphere 4.0 Hardening Guide has been posted to the VMware Communities in the "Security and vShield Zones" area, in the Documents tab.  Please provide feedback in the Comments area.

Guide to Deploying Secure Multi-Tenancy

Cisco, NetApp, and VMware have been collaborating to help customers interested in moving towards a cloud model of IT by providing guidance on how to deploy a secure multi-tenant architecture.  The latest in this effort is a web document entitled "Deploying Secure Multi-Tenancy into Virtualized Data Centers".  This Deployment Guide is structured to provide server, network, and storage architects and engineers with the implementation details to deploy and secure multi-tenant environments.  This document also describes the procedures required to deploy the secure multi-tenant infrastructure, provision a tenant, and apply business and security policies to the tenant.  This is complementary to the Design Guide on this topic that was released earlier, and is a Cisco Validated Design (CVD).  It's also a great example of VMware products integrating with partner products, specifically vShield Zones with the Cisco UCS and Nexus 1000v.