Recent Posts

Recommended vSphere-focused Security Sessions at VMworld 2015

posted

Hi everyone, Here’s a quick blog post for you as you’re going through the VMworld Schedule Builder for VMworld 2015. Below is a list of security sessions that are primarily focused on vSphere Security. The NSX guys have a whole other laundry list of awesome sessions but for now, we’re going to focus on vSphere. Read more...

Custom certificate on the outside, VMware CA (VMCA) on the inside – Replacing vCenter 6.0’s SSL Certificate

posted

[UPDATE] So far, this blog has been one of my most popular here on the vSphere blog. Since publishing this over 18 months ago we have learned quite a bit about the different requirements and considerations customers are under. This “Hybrid Mode” of certificate configuration, where you replace the externally facing reverse proxy certificate and Read more...

vSphere 6 Hardening Guide GA now Available

posted

It’s time to release the vSphere 6.0 Hardening Guide! As I mentioned back in April, there are a lot of changes that have been made. In talking with customers and auditors in detail for the past year, the conclusion was reached that the Hardening Guide was Difficult to understand Contained a mix of Operational Guidance Read more...

vSphere 6 Security Update

posted

Recently I was asked by the vBrownbag community to present on vSphere 6 security. vBrownbag is a community-lead podcast series that features online webinars covering various Virtualization and VMware Certification topics, all led by members of the community. It’s an outstanding resource if you are looking to achieve certification or are just in the mood Read more...

vSphere Hardening Guide 6.0 Public Beta 1 available

posted

  I’m happy to announce that the vSphere 6 Hardening Guide Public Beta 1 is now available. The guide is being provided as Excel spreadsheet. I’m also making a PDF doc available for easier viewing. In addition,  I’ve also included an Excel spreadsheet of the guidelines that have moved out of the guide and into Read more...

vSphere 6.0 Lockdown Mode Exception Users

posted

In vSphere 6.0 we now have a new concept called Exception Users. The intent of Exception Users is that they are not general admin users. I would consider them more of a “Service Account” type of access. As a matter of fact, just the other day I got an email from someone internal at VMware Read more...

vSphere 6.0 Lockdown Modes

posted

Lockdown mode has been around in various forms for many releases. The behaviors have changed a few times since 5.1 with varying levels of usability success. For vSphere 6.0 we are trying to address some of these issues. Personally, what I’d love to see happen with all customers running V6.0 is that you run at Read more...

vSphere 6.0 Hardening Guide – Overview of coming changes

posted

The vSphere Hardening Guide provides guidance on how to securely deploy VMware vSphere in a production environment. The vSphere Hardening Guide also serves as a foundation upon which regulatory compliance objectives are built. These organizations map compliance guidelines with vSphere Hardening Guide guidelines. Hardening Guides are an industry recognized method of implementing stricter security to Read more...