Recent Posts

Custom certificate on the outside, VMware CA (VMCA) on the inside – Replacing vCenter 6.0’s SSL Certificate

[UPDATE] So far, this blog has been one of my most popular here on the vSphere blog. Since publishing this over 18 months ago we have learned quite a bit about the different requirements and considerations customers are under. This “Hybrid Mode” of certificate configuration, where you replace the externally facing reverse proxy certificate and Read more...

vSphere 6 Hardening Guide GA now Available

It’s time to release the vSphere 6.0 Hardening Guide! As I mentioned back in April, there are a lot of changes that have been made. In talking with customers and auditors in detail for the past year, the conclusion was reached that the Hardening Guide was: difficult to understand; contained a mix of operational guidance Read more...

vSphere 6 Security Update

Recently I was asked by the vBrownbag community to present on vSphere 6 security. vBrownbag is a community-led podcast series that features online webinars covering various Virtualization and VMware Certification topics, all led by members of the community. It’s an outstanding resource if you are looking to achieve certification or are just in the mood Read more...

vSphere Hardening Guide 6.0 Public Beta 1 available

I’m happy to announce that the vSphere 6 Hardening Guide Public Beta 1 is now available. The guide is being provided as an Excel spreadsheet. I’m also making a PDF doc available for easier viewing. In addition, I’ve also included an Excel spreadsheet of the guidelines that have moved out of the guide and into Read more...

vSphere 6.0 Lockdown Mode Exception Users

In vSphere 6.0 we now have a new concept called Exception Users. The intent of Exception Users is that they are not general admin users. I would consider them more of a “Service Account” type of access. As a matter of fact, just the other day I got an email from someone internal at VMware Read more...

vSphere 6.0 Lockdown Modes

Lockdown mode has been around in various forms for many releases. The behaviors have changed a few times since 5.1 with varying levels of usability success. For vSphere 6.0 we are trying to address some of these issues. Personally, what I’d love to see happen with all customers running V6.0 is that you run at Read more...

vSphere 6.0 Hardening Guide – Overview of coming changes

The vSphere Hardening Guide provides guidance on how to securely deploy VMware vSphere in a production environment. The vSphere Hardening Guide also serves as a foundation upon which regulatory compliance objectives are built. These organizations map compliance guidelines with vSphere Hardening Guide guidelines. Hardening Guides are an industry recognized method of implementing stricter security to Read more...

Logging USB devices plugged into ESXi

I just found an interesting question on an internal message board here in VMware. A customer was wondering if it was possible to disable USB ports at the ESXi level. They are a very security-conscious organization and they want to block any opportunity for someone internally with malicious intent to plug in a Read more...