Security

vSphere 7 – Integrated Windows Authentication (IWA) Deprecation

Bob Plankers posted May 6th, 2020

Readers of the vSphere 7.0 release notes have noticed that, in the “Product Support Notices” section, Integrated Windows Authentication is listed as deprecated. Naturally, there are quite a few questions about this, especially in the wake of all the changes Microsoft has been suggesting to Active Directory. Let’s try to answer some of these! What Read more...

vSphere 7 – vSphere Trust Authority

Bob Plankers posted April 22nd, 2020

At VMware we talk a lot about intrinsic security, which is the idea that security in a vSphere environment is baked in to the product at a deep level, not sprinkled on as an afterthought. Security is a huge focus of vSphere 7, even though when we talk about the new features it’s usually about Read more...

vSphere 7 – vSGX & Secure Enclaves

Bob Plankers posted April 15th, 2020

Virtualization is a pretty revolutionary idea, adding a layer of software to help us solve other problems in IT. From a risk perspective, though, it adds more things to track. This isn’t to say that ESXi is insecure – far from it. ESXi is the most secure hypervisor around (our Common Criteria certifications help demonstrate Read more...

vSphere 7 – Lifecycle Management

Niels Hagoort posted April 14th, 2020

We greatly improved lifecycle management in vSphere 7. The new innovations for lifecycle management in vSphere 7 make it easy for customers to have consistent and up-to-date systems. The major lifecycle management improvements in vSphere 7 are vCenter Server Profiles, Update Planner and vSphere Lifecycle Manager (vLCM). vCenter Profiles is way to ensure configuration and Read more...

VMSA-2020-0006 & CVE-2020-3952: What You Need to Know

Bob Plankers posted April 13th, 2020

On April 9, 2020 VMware published VMSA-2020-0006, outlining a serious vulnerability which may affect vCenter Server 6.7 and external Platform Services Controllers (PSCs) if certain criteria are met. This post is intended to help VMware customers and partners understand the issue better by collecting common questions. It is not intended to replace official VMSA communication. Read more...

vSphere 7 – Certificate Management

Bob Plankers posted April 7th, 2020

Now that vSphere 7 has shipped and support for vSphere 6.0 has ended it’s time to revisit a lot of the certificate management methods and techniques we use when managing vSphere environments. Certificates are what drive the TLS encryption that protects all network communication to & from vSphere. First, vCenter Server 7.0 has done some Read more...

vSphere 7 – Identity Federation

Bob Plankers posted March 24th, 2020

One of the two biggest ways to improve an organization’s security posture is through good account management and password hygiene.* As the old saying goes, it’s easier said than done. Good account management seems simple enough, but with hundreds of systems and devices in the average organization it’s easy to miss one. As for passwords, Read more...

Good Security Thrives in Simplicity

Bob Plankers posted February 18th, 2020

(This post is a collaboration between Carlos Phoenix, Senior Compliance and Cyber Risk Solutions Strategist, and Bob Plankers, Technical Marketing Architect, and is first in a series of articles discussing the relationship between compliance, security, and complexity.) As we work to add security to our systems we often use different security protocols. A protocol is Read more...

Update to Guidance on VMware vSphere & Microsoft AD LDAP (ADV190023)

Bob Plankers posted February 6th, 2020

Update (5/13/2020): This post has been updated to reflect current guidance on this topic. More information can be found in the post “vSphere Authentication, Microsoft Active Directory LDAP, and Event ID 2889.“ — Customers who are using Microsoft Active Directory (AD) as an authentication source for VMware vSphere and other VMware products have been tracking Read more...

vSphere & Intel CPU Vulnerabilities: CacheOut & Vector Register Sampling

Bob Plankers posted January 28th, 2020

Intel Corporation has released security advisory INTEL-SA-00329, in which they disclose new CPU vulnerabilities present in their CPU product families (L1D Eviction Sampling, aka “CacheOut,” and Vector Register Sampling). Intel has disclosed these issues but has not yet provided new CPU microcode that resolves or mitigates the issues. This post is intended to help VMware Read more...

VMware vSphere Blog