
Here is another alternative to the approach in my previous blog post: an automated way of hardening newly created virtual machines by having vCenter Server send an SNMP trap to vCenter Orchestrator (vCO), which then executes a "Secure VM" workflow against the new VM.


The video below demonstrates the necessary configuration of both your vCenter Server and your vCenter Orchestrator Server, as well as the import of the custom "Secure VM" vCO package. Before getting started, please ensure you have installed the SNMP vCO plugin on your vCO Server. You do not need to configure the plugin beforehand, as that is covered in the video.

You can download the Secure VM vCO package here which contains the following:

  • Secure VM.workflow – A workflow that accepts a VirtualMachine as input and applies a set of advanced settings to that virtual machine, read from a text file
  • SecureVM SNMP Trap.policy – An SNMP policy template for securing a virtual machine; it is triggered by a particular OID, the "VM Created" event sent by vCenter Server
  • vphere-5-security-hardening.txt – A text file stored as a resource element that contains the list of advanced settings to be applied to a virtual machine

Note: The Secure VM workflow has been created so it can be executed independently of the vCenter Server SNMP trap trigger, so you can easily integrate it with your existing provisioning process or workflows.
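To show what the workflow's scripting has to do with the resource file, here is an added example in plain JavaScript (vCO scripting is JavaScript, so this is written in ES5 style). It is not code from the original Secure VM package: the "key = value" file format, the sample baseline, and the sample extraConfig of a new VM are all constructed here, and the vCO vCenter plugin type names in the trailing comment are assumed rather than taken from the page. The point it adds is that the baseline should be parsed strictly (a malformed line is reported, not silently skipped) and applied as a diff, so the workflow is idempotent and its log shows exactly which settings changed.

```javascript
// Added example, not code from the original Secure VM package. ES5-style
// JavaScript so it runs in Node and reads like vCO's Rhino scripting.

// Constructed sample of a hardening file. The format ("key = value" lines,
// "#" comments) is an assumption; the page does not show the original file.
var SAMPLE_HARDENING_FILE = [
  "# vSphere 5 hardening baseline (constructed sample)",
  "isolation.tools.copy.disable = true",
  "isolation.tools.paste.disable = true",
  "isolation.tools.diskShrink.disable = true",
  "RemoteDisplay.maxConnections = 1",
  "tools.setInfo.sizeLimit = 1048576",
  "log.rotateSize = 100000",
  "log.keepOld = 10",
  "this line is malformed"
].join("\n");

// Constructed extraConfig of a freshly created VM, shaped like the
// vm.config.extraConfig array of {key, value} entries the vCO vCenter plugin returns.
var SAMPLE_CURRENT_EXTRA_CONFIG = [
  { key: "isolation.tools.copy.disable", value: "TRUE" },
  { key: "RemoteDisplay.maxConnections", value: "-1" }
];

// Parse the resource file into { settings: {key: value}, errors: [...], count }.
// Malformed lines are reported, not silently dropped, so a typo in the
// baseline cannot quietly weaken the hardening.
function parseHardeningSettings(text) {
  var settings = {}, errors = [], count = 0;
  var lines = text.split(/\r?\n/);
  for (var i = 0; i < lines.length; i++) {
    var line = lines[i].trim();
    if (line === "" || line.charAt(0) === "#") continue;
    var eq = line.indexOf("=");
    if (eq <= 0) { errors.push("line " + (i + 1) + ": expected key=value: " + line); continue; }
    var key = line.slice(0, eq).trim();
    var value = line.slice(eq + 1).trim();
    if (settings.hasOwnProperty(key)) errors.push("line " + (i + 1) + ": duplicate key " + key + " (last value wins)");
    else count++;
    settings[key] = value;
  }
  return { settings: settings, errors: errors, count: count };
}

// Compare the baseline against the VM's current extraConfig and return only
// the entries that must change. extraConfig values are strings in vCenter, so
// compare case-insensitively ("TRUE" and "true" are the same setting).
function planExtraConfigChanges(desired, currentExtraConfig) {
  var current = {};
  for (var i = 0; i < currentExtraConfig.length; i++)
    current[currentExtraConfig[i].key] = String(currentExtraConfig[i].value);
  var changes = [];
  for (var key in desired) {
    if (!desired.hasOwnProperty(key)) continue;
    var have = current.hasOwnProperty(key) ? current[key] : null;
    if (have === null || have.trim().toLowerCase() !== desired[key].toLowerCase())
      changes.push({ key: key, value: desired[key], previous: have });
  }
  return changes;
}

// Demo run on the constructed data; this is the log the workflow would emit.
var parsed = parseHardeningSettings(SAMPLE_HARDENING_FILE);
var plan = planExtraConfigChanges(parsed.settings, SAMPLE_CURRENT_EXTRA_CONFIG);
parsed.errors.forEach(function (e) { console.log("WARN " + e); });
plan.forEach(function (c) { console.log("SET " + c.key + " = " + c.value + " (was " + c.previous + ")"); });

// In the vCO workflow the plan would be applied through the vCenter plugin,
// roughly as below (type names assumed from the plugin's vSphere API mapping; not run here):
//   var spec = new VcVirtualMachineConfigSpec();
//   spec.extraConfig = plan.map(function (c) {
//     var ov = new VcOptionValue(); ov.key = c.key; ov.value = c.value; return ov;
//   });
//   vm.reconfigVM_Task(spec);
```

Because only differing keys go into the spec, running the workflow twice against the same VM produces an empty plan the second time, which makes it safe to wire into an existing provisioning workflow or to re-run across a fleet.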

If you want more details about the vCO workflow and the SNMP trap policy template, I highly encourage you to take a look at the scripting sections to see how it all works. Both the workflow and the SNMP policy write additional logs when executed; below are screenshots taken after they have run:


As you can see, you now have another option for automatically securing newly created virtual machines and applying the latest security hardening parameters by leveraging both vCenter Server and vCenter Orchestrator.


About the Author

William Lam

William Lam is currently a Staff Solutions Architect in the VMware Cloud on AWS team within the Cloud Platform Business Unit (CPBU) at VMware. He primarily focuses on automation, integration and operation of the Software Defined Datacenter (SDDC). One of his core responsibilities is driving VMC's Customer[0] initiative and helping provide early feedback on the usability, design and architecture of new VMC features and capabilities. He works closely with Engineering and Product Management on developing new ideas and integrations for VMC. Lastly, through customer interactions and feedback he continues to champion customers' challenges and needs to help further improve VMware's products and services.