Automatically Securing Virtual Machines Using vCenter Orchestrator

Here is another alternative to my previous blog post, which provides an automated way of hardening newly created Virtual Machines by leveraging an SNMP trap sent from vCenter Server to vCenter Orchestrator to execute a “Secure VM” workflow.

The video below demonstrates the necessary configurations for both your vCenter Server and vCenter Orchestrator Server and the import of the custom “Secure VM” vCO package. Before getting started, please ensure you have installed the SNMP vCO plugin on your vCO Server. You do not need to configure the plugin, as that is covered in the video.

You can download the Secure VM vCO package here which contains the following:

Secure VM.workflow – This is a workflow that accepts a VirtualMachine as input and applies a set of advanced settings to the virtual machines from a text file
SecureVM SNMP Trap.policy – This is an SNMP policy template for securing a Virtual Machine which is triggered based on a particular OID which is the “VM Created” event from a vCenter Server
vphere-5-security-hardening.txt – This is a text file stored as a resource element that contains the list of advanced settings to be applied to a virtual machine

Note: The Secure VM workflow has been created so it can be executed independently of the vCenter Server SNMP trap trigger and you can easily integrate that workflow with your existing provisioning process or workflows.

If you want to get more details about the vCO workflow and the SNMP trap policy template, I highly encourage you to take a look at the scripting sections to see how it all works. Both the workflow and SNMP policy provides additional logs when executed, below are screenshots after they have been executed:

As you can see, you now have another option of automatically securing newly created Virtual Machines and apply the latest security hardening parameters by leveraging both vCenter Server and vCenter Orchestrator.

Additional Info:

References:

Get notification of new blog postings and more by following lamw on Twitter: @lamw

Automatically Securing Virtual Machines Using vCenter Orchestrator

Related Articles

Announcing availability of vSphere 7 Update 3a

Introducing Project Capitola: Software defined memory for data centric workloads

Project Monterey:The Excitement Builds One Year In

Announcing NVMe/TCP Support with VMware vSphere 7 Update 3

Announcing vSphere 7 Update 3

Update on the Apple 2019 Mac Pro 7,1 for ESXi

Announcing the Project Monterey Early Access Program

Cloud Transformation – A Three-Part Story

Coming to You Live on June 8! vSphere with Tanzu Training Event

Running Confluent Kafka on VMware vSphere with Tanzu

VMware Cloud on Dell EMC – Come See What’s New in Our April 2021 Release

Introducing the vSphere Virtual Machine Service

Announcing Limited Extension of VMware vSphere 6.5 General Support Period

The AI-Ready Enterprise Platform: Unleashing AI for Every Enterprise

Announcing: vSphere 7 Update 2 Release