Screen Shot 2013-10-30 at 1.58.09 PM


I’m happy to report that the vSphere 5.5 Hardening Guide has been released for General Availability. My thanks to all that contributed their feedback to make this happen. The guide has been given a full makeover with regard to documentation references. I’m in Renate’s debt for those stellar contributions. Additionally, some guidelines have been removed and some new ones added.

Along with the guide, similar to the 5.1 release, I’m releasing a change log worksheet.

One thing to note, the “Profiles” column has been renamed “Risk Profiles”. This was done to bring to light the function of the column. I am frequently quizzed by IT administrators that have been told to “Implement the Hardening Guide”. As written, the Hardening Guide is a list of guidelines, not mandates.  Please note that some guidelines in the Risk Profile 1 category can break functionality!

As with any security measures, they should not be applied in a blanket fashion. I would encourage IT administrations and security folks to work together and assess each guideline for applicability, risk management and impact to the business and operations. The Risk Profiles help to categorize the guidelines that could be applicable to your environment.

The release of the guide is current available in the Communities.

I’m working with the VMware web team to have the guide and the change log officially moved over to the Hardening Guide page on I will update the discussion in the Communities and post a reply to this blog article when that has been completed.

As always, your input is very valuable to me and VMware as a whole. If you have questions that can’t be asked in a public forum, reach out to me via email, For more frequent updates to vSphere security news and facts, follow me on Twitter at @vSphereSecurity

Thanks for reading!


About the Author

Mike Foley

Mike Foley is a Staff Technical Marketing Architect for vSphere Security at VMware. His primary goal is to help IT Admins build more secure platforms that stand up to scrutiny from security teams with the least impact to IT Operations. Mike is also the current author of the vSphere Security Configuration (formerly Hardening) Guide. Previously, Mike was on the evangelist team at RSA where he concentrated on virtualization and cloud security. Mike was awarded a patent (8,601,544) in December 2013 for dual-band authentication using the virtual infrastructure Mike has a personal blog at and contributes to the VMware vSphere and Security blogs as well. Follow him at @vSphereSecurity on Twitter