Automatically Securing Virtual Machines Using vCenter Orchestrator

Here is another alternative to my previous blog post, which provides an automated way of hardening newly created Virtual Machines by leveraging an SNMP trap sent from vCenter Server to vCenter Orchestrator to execute a “Secure VM” workflow.

The video below demonstrates the necessary configurations for both your vCenter Server and vCenter Orchestrator Server and the import of the custom “Secure VM” vCO package. Before getting started, please ensure you have installed the SNMP vCO plugin on your vCO Server. You do not need to configure the plugin, as that is covered in the video.

You can download the Secure VM vCO package here which contains the following:

Secure VM.workflow – This is a workflow that accepts a VirtualMachine as input and applies a set of advanced settings to the virtual machines from a text file
SecureVM SNMP Trap.policy – This is an SNMP policy template for securing a Virtual Machine which is triggered based on a particular OID which is the “VM Created” event from a vCenter Server
vphere-5-security-hardening.txt – This is a text file stored as a resource element that contains the list of advanced settings to be applied to a virtual machine

Note: The Secure VM workflow has been created so it can be executed independently of the vCenter Server SNMP trap trigger and you can easily integrate that workflow with your existing provisioning process or workflows.

If you want to get more details about the vCO workflow and the SNMP trap policy template, I highly encourage you to take a look at the scripting sections to see how it all works. Both the workflow and SNMP policy provides additional logs when executed, below are screenshots after they have been executed:

As you can see, you now have another option of automatically securing newly created Virtual Machines and apply the latest security hardening parameters by leveraging both vCenter Server and vCenter Orchestrator.

Additional Info:

References:

Get notification of new blog postings and more by following lamw on Twitter: @lamw

Automatically Securing Virtual Machines Using vCenter Orchestrator

Related Articles

Announcing Limited Extension of VMware vSphere 6.5 General Support Period

The AI-Ready Enterprise Platform: Unleashing AI for Every Enterprise

Announcing: vSphere 7 Update 2 Release

VMware Cloud on Dell EMC Achieves SOC2 Type 2 Certification

Photon OS 4.0 Release Announcement

VMware Cloud on Dell EMC: Now Available in the UK, Germany, and France

What's New in the Early February 2021 Release of VMware Cloud on Dell EMC

Advanced Cross vCenter Server Migration Integrated in vSphere 7 U1c

Join us LIVE in a Few Hours to Talk SECURITY!

Introducing VMware Tools New Download Page & Inclusion in the Product Lifecycle Matrix

Bitfusion 2.5.0 Release Gives You the Features You Want

Join Us Live on October 22 to Talk about Compliance Audits and vSphere!

Learn How vSphere Will Power Your Future Career: Join the VMUG Event on Oct 15

Better vMotion for Graphics with EVC for GPUs

Announcing the ESXi-Arm Fling