Here is another alternative to my previous blog post, which provides an automated way of hardening newly created Virtual Machines by leveraging an SNMP trap sent from vCenter Server to vCenter Orchestrator to execute a “Secure VM” workflow.
The video below demonstrates the necessary configurations for both your vCenter Server and vCenter Orchestrator Server and the import of the custom “Secure VM” vCO package. Before getting started, please ensure you have installed the SNMP vCO plugin on your vCO Server. You do not need to configure the plugin, as that is covered in the video.
You can download the Secure VM vCO package here; it contains the following:
- Secure VM.workflow – This is a workflow that accepts a VirtualMachine as input and applies a set of advanced settings from a text file to the virtual machine
- SecureVM SNMP Trap.policy – This is an SNMP policy template for securing a Virtual Machine. It is triggered by a particular OID, which corresponds to the “VM Created” event from a vCenter Server
- vphere-5-security-hardening.txt – This is a text file stored as a resource element that contains the list of advanced settings to be applied to a virtual machine
Note: The Secure VM workflow has been created so it can be executed independently of the vCenter Server SNMP trap trigger and you can easily integrate that workflow with your existing provisioning process or workflows.
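The step the workflow is described as performing, reading a settings file and applying it to a VM, comes down to parsing the file and working out which keys actually need to change. The following is an added example, not the script shipped in the package; the `key = value` file format, the sample settings and values, and the function names `parseHardeningFile` and `planChanges` are assumptions.

```javascript
// Added example, plain JavaScript (runs in Node.js); not the package's script.
// ASSUMPTION: one "key = value" per line, "#" starts a comment.
const SAMPLE_HARDENING_FILE = [ // constructed sample, not the real file
  '# console and copy/paste restrictions',
  'isolation.tools.copy.disable = true',
  'isolation.tools.paste.disable="true"',
  '',
  'RemoteDisplay.maxConnections = 1',
  'this line has no separator',
].join('\n');

// Constructed sample of a VM's current advanced settings.
const SAMPLE_VM_EXTRACONFIG = [
  { key: 'isolation.tools.copy.disable', value: 'TRUE' },
  { key: 'RemoteDisplay.maxConnections', value: '40' },
  { key: 'disk.EnableUUID', value: 'true' },
];

// Parse the text into a Map of settings plus the line numbers that were rejected.
function parseHardeningFile(text) {
  const settings = new Map();
  const rejected = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) return;
    const eq = line.indexOf('=');
    const key = eq > 0 ? line.slice(0, eq).trim() : '';
    // Refuse anything that is not a plain dotted key, so a malformed line
    // is reported instead of being written to the VM.
    if (!/^[A-Za-z0-9_.:-]+$/.test(key)) { rejected.push(i + 1); return; }
    settings.set(key, line.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1'));
  });
  return { settings, rejected };
}

// Return only the pairs that differ from the VM's current state, with the
// previous value kept for the audit log. TRUE/true are treated as equal
// (a choice made for this example).
function planChanges(desired, currentExtraConfig) {
  const current = new Map(currentExtraConfig.map(o => [o.key, String(o.value)]));
  const changes = [];
  for (const [key, value] of desired) {
    const have = current.get(key);
    if (have === undefined || have.toLowerCase() !== value.toLowerCase()) {
      changes.push({ key, value, previous: have === undefined ? null : have });
    }
  }
  return changes;
}
```

In a vCO scriptable task, each pair returned by `planChanges` would become a VcOptionValue in the reconfigure spec's extraConfig array, and the rejected line numbers and previous values would go to the workflow log.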
If you want to get more details about the vCO workflow and the SNMP trap policy template, I highly encourage you to take a look at the scripting sections to see how it all works. Both the workflow and the SNMP policy provide additional logs when executed. Below are screenshots after they have been executed:
As you can see, you now have another option for automatically securing newly created Virtual Machines and applying the latest security hardening parameters by leveraging both vCenter Server and vCenter Orchestrator.
Additional Info:
- Automatically Securing Virtual Machines Using a vCenter Alarm
- Automate the Hardening of Your Virtual Machine VMX Configurations
References:
- /orchestrator/2011/09/snmp-plug-in-integration-with-vcenter.html
- http://mighty-virtualization.blogspot.com/2011/08/vco-whats-up-with-vcoptionvalue.html
Get notification of new blog postings and more by following lamw on Twitter: @lamw
Doug B
Great post that really showcases the power of integration and automation! Thanks for posting this.
VMware Automation
@Doug B,
You’re very welcome!
Darren
Thanks! I found this while trying to look for a way to set the advanced options of a VM using Orchestrator. Used the provided workflows as an example on how to do it. May even use the secure workflows one day on VMs that need hardening.
I wanted to automate and schedule setting disk.EnableUUID to false on Win 2008 machines so the new data protection appliance would successfully back them up. This provided a good example of how to accomplish setting advanced options and re-configuring the VM through vCO scripting.
holashh
Hi, let me ask one thing: is it possible to change a value/values or add another key to be changed? I am looking to change the value of the “disk.EnableUUID” parameter, thanks