vSphere 7 – Integrated Windows Authentication (IWA) Deprecation

Readers of the vSphere 7.0 release notes have noticed that, in the “Product Support Notices” section, Integrated Windows Authentication is listed as deprecated. Naturally, there are quite a few questions about this, especially in the wake of all the changes Microsoft has been suggesting to Active Directory. Let’s try to answer some of these! What Read more...

vSphere 7 – vSphere Trust Authority

At VMware we talk a lot about intrinsic security, which is the idea that security in a vSphere environment is baked in to the product at a deep level, not sprinkled on as an afterthought. Security is a huge focus of vSphere 7, even though when we talk about the new features it’s usually about Read more...

vSphere 7 – vSGX & Secure Enclaves

Virtualization is a pretty revolutionary idea, adding a layer of software to help us solve other problems in IT. From a risk perspective, though, it adds more things to track. This isn’t to say that ESXi is insecure – far from it. ESXi is the most secure hypervisor around (our Common Criteria certifications help demonstrate Read more...

vSphere 7 – Lifecycle Management

We greatly improved lifecycle management in vSphere 7. The new innovations for lifecycle management in vSphere 7 make it easy for customers to have consistent and up-to-date systems. The major lifecycle management improvements in vSphere 7 are vCenter Server Profiles, Update Planner and vSphere Lifecycle Manager (vLCM). vCenter Profiles is a way to ensure configuration and Read more...

VMSA-2020-0006 & CVE-2020-3952: What You Need to Know

On April 9, 2020 VMware published VMSA-2020-0006, outlining a serious vulnerability which may affect vCenter Server 6.7 and external Platform Services Controllers (PSCs) if certain criteria are met. This post is intended to help VMware customers and partners understand the issue better by collecting common questions. It is not intended to replace official VMSA communication. Read more...

vSphere 7 – Certificate Management

Now that vSphere 7 has shipped and support for vSphere 6.0 has ended it’s time to revisit a lot of the certificate management methods and techniques we use when managing vSphere environments. Certificates are what drive the TLS encryption that protects all network communication to & from vSphere. First, vCenter Server 7.0 has done some Read more...

vSphere 7 – Identity Federation

One of the two biggest ways to improve an organization’s security posture is through good account management and password hygiene.* As the old saying goes, it’s easier said than done. Good account management seems simple enough, but with hundreds of systems and devices in the average organization it’s easy to miss one. As for passwords, Read more...

Good Security Thrives in Simplicity

(This post is a collaboration between Carlos Phoenix, Senior Compliance and Cyber Risk Solutions Strategist, and Bob Plankers, Technical Marketing Architect, and is first in a series of articles discussing the relationship between compliance, security, and complexity.) As we work to add security to our systems we often use different security protocols. A protocol is Read more...

Update to Guidance on VMware vSphere & Microsoft AD LDAP (ADV190023)

Update (5/13/2020): This post has been updated to reflect current guidance on this topic. More information can be found in the post “vSphere Authentication, Microsoft Active Directory LDAP, and Event ID 2889.” — Customers who are using Microsoft Active Directory (AD) as an authentication source for VMware vSphere and other VMware products have been tracking Read more...

vSphere & Intel CPU Vulnerabilities: CacheOut & Vector Register Sampling

Intel Corporation has released security advisory INTEL-SA-00329, in which they disclose new CPU vulnerabilities present in their CPU product families (L1D Eviction Sampling, aka “CacheOut,” and Vector Register Sampling). Intel has disclosed these issues but has not yet provided new CPU microcode that resolves or mitigates the issues. This post is intended to help VMware Read more...