Home > Blogs > VMware Security & Compliance Blog > Tag Archives: ESX

Tag Archives: ESX

VMware’s CP&C releases another free Compliance Checker!

Buenos Dias,

I'm George Gerchow, Director of VMware's Center for Policy & Compliance. I'll be here all week to talk about Compliance in the Cloud and answer your questions. 

Today we are going to give you access to a FREE downloadable tool that helps you get started on the “Trusted Cloud” ride. 

It is the vSphere 4.1 Compliance Checker fresh off the virtual assembly line and compiled by the good folks at CP&C!

 Here is how it works: 

  • The Compliance Checker runs an assessment on ESX/ESXi hosts managed by vCenter
  • The assessment is based on a predefined subset of 29 of the vSphere 4.1 Security Hardening Guide rules and is run against the first 5 ESX/ESXi hosts found on the target vCenter
  • The results for each host include the rules, the rule descriptions, and the success or failure of each rule

At VMware, we like to call the Compliance Checkers “Crack” for IT as it get’s ya hooked and you will come back for more! 

Here is the link so you can get started hardening your vSphere Environment today: 

http://www.vmware.com/products/datacenter-virtualization/vsphere-compliance-checker/overview.html  

Now this poses a few questions and we would love to get your feedback: 

  1. Are free tools like this helpful?
  2. How do you currently lock down your vSphere environment?
  3. Would remediation of the non-compliance results be a good next step?
  4. Do you care about regulatory compliance & vendor best practices? If so, which ones? (PCI, HIPAA, DISA, CIS…) 

I will be rollin’ into Denver today like Tom Brady rolled over the Miami Secondary last night but will be online waiting to hear from you. (FYI, IN Denver, I am giving a Keynote at a Healthcare seminar on Trusted Cloud)

Jump in the discussion on any of our social media channels – blogs, Twitter, Facebook, or community forum: 

Here is a sneek peek of what the Checker looks like:

Checker.09.11 

Thanks and have a great day from all of us at CP&C and VMware!

vSphere 4.1 Security Hardening Guidelines for vCenter Configuration Manager (VCM) Released

The VMware Center for Policy and Compliance is excited to announce our content release of the vSphere 4.1 Security Hardening Guidelines for vCenter Configuration Manager (VCM).
 
CP&C is a group of folks with alphabet soup behind their names that build content, thought leadership and evangelize our Security & Compliance  strategy all over the planet.
 
Why should you care about this latest release? That’s easy, the content supports ESX 4.1, ESXi 4.1 and vCenter 4.1. That means we can automate the continuous collection of data, compare it to our standards and within minutes provide prescriptive guidance on best practices and  reduce the LONG painful audit cycle.
 
Together VCM and Host Profiles become an important  part of creating a trusted virtual environment.  With VCM and the new CP&C content you can harden your ESX/i hosts based on vSphere standards and use Host Profiles to push these secure settings across your virtual infrastructure.  There is no longer a need to painstakingly pour-over the best practices or reference technical documentation in order to configure the Host Profile reference host(s) to meet these standards.
 
By the way, these standards have been recommended to the PCI Security Council as benchmark for 2.0 content around virtualization. (Stay Tuned!)
 
Yours Truly, George Gerchow – VMware Director of CP&C.
 
vSphere 4.1 Security Hardening Guidelines Compliance Dashboard snapshots:

Ss.1


Ss.2


Ss.3


Ss.4