VMware vSphere Security Cookbook
Format: PDF / Kindle (mobi) / ePub
Over 75 practical recipes to help you successfully secure your vSphere environment
About This Book
- Secure your vSphere environment from the ground up, with step-by-step instructions covering all major vCenter components
- Eliminate pesky certificate errors in a conventional and secure manner
- Get acquainted with the new features of vSphere through a practical, recipe-based approach
Who This Book Is For
This book is intended for virtualization professionals who are experienced with the setup and configuration of VMware vSphere, but didn't get the opportunity to learn how to secure the environment properly.
What You Will Learn
- Harden your ESXi host and guest virtual machines to reduce the vulnerabilities in your system
- Configure vCenter networks and storage security to establish secure virtual networks between environments
- Install and configure vShield Manager and Data Security to manage anti-malware and antivirus policies for your virtual environments
- Set up vShield App and Edge, including firewall and VPN configurations to help secure your networks in your environment
- Use Sophos Anti-virus to establish a vShield Endpoint to secure your environment
Within the IT field, security is often a low priority when it comes to building new environments. As security compliance continues to gain prominence, proper and secure product configuration becomes even more important. Applying security to a complex virtual environment can be a daunting and time-consuming endeavor. This book provides a perfect plan for step-by-step configuration of vSphere 5.5 and its associated components.
The book starts by showing you how to configure the core vSphere components of the ESXi host before covering guest virtual machine security, user management, and network and storage security. Moving ahead, you will learn specifically about the configuration of X.509 certificates utilizing the SSL Certificate Automation Tool. The book concludes by taking you through VXLAN virtual wire configuration.
possible.

Click on OK to accept the changes, as shown in the following screenshot:

How it works…
Configuring SSO is very similar to configuring an external Active Directory or OpenLDAP directory. In essence, SSO is just another directory; in this case, the information is stored in a SQL Server database instead of an LDAP-based data structure. Once a user is validated by the appropriate directory, they are granted a secure token by the Security Token Service (STS). Once the token is issued, it
logged into vSphere Web Client with a user account in the administrators group.

How to do it…
A typical task of using vMotion to move a virtual machine from one host to another within a cluster requires the following permissions:
- Resource: Query vMotion
- Resource: Migrate powered on virtual machine
- Resource: Migrate powered off virtual machine

To utilize the group we created in Active Directory, we'll create a corresponding role in vCenter that has the specific vMotion permissions assigned to
traffic. It should be noted that assumptions are made in this section with regard to storage networking. Although network architecture guidance is beyond the scope of this cookbook, providing a highly available storage network that is free from Single Points of Failure (SPoF) is always a best practice. Fibre Channel storage is primarily secured through fiber switches and connected SAN configurations. There are no specific security settings within vCenter as there are for iSCSI connections.
Now that all the components have been configured, we need to check the status of the endpoint protection. To do so, perform the following steps:
- Launch vSphere Client using an account with administrative rights, if it is not already open.
- Navigate to Home | Inventory | Hosts and Clusters from the menu bar.
- Navigate to Datacenter | Lab Cluster | esx5501.training.lab.
- Select the vShield tab.
- Click on the Endpoint option to view the status, and note the normal event log entries.

Now that we've
requests
- Registering the Single Sign-On certificate
- Registering the Inventory Service certificate
- Registering the vCenter certificate
- Registering the Web Client certificate
- Registering the Log Browser certificate
- Registering the Update Manager certificate
- Installing an ESXi host certificate

Introduction
Certificates provide digital identification and a mechanism to establish trust. We can think of a certificate as a driver's license or a government-issued ID card. The trusted root authority can be