VMware Communities > VMTN > General > Security & vShield Zones > Discussions
Up to Discussions in Security & vShield Zones

This Question is Answered

1 "helpful" answer available (6 pts)
3 Replies Last post: Mar 18, 2009 10:27 AM by Texiwill
Reply

SNMPv3

Mar 16, 2009 5:22 PM

Click to view altonius_au's profile Enthusiast altonius_au 17 posts since
Nov 11, 2008

Hi All,

I am going through and evaluating our ESX security design and noticed that we're still using SNMPv2 (with the added benefit of clear-text communication) on our ESX Hosts.

Has anyone out there succesfully implemented SNMPv3 on ESX 3.5 (and above) without too much hassle? Let me know your experiences before I book my time in the test labs.

Many thanks
Altonius

Reply Re: SNMPv3 Mar 17, 2009 6:14 AM
Click to view Texiwill's profile Guru Texiwill 10,056 posts since
Jan 13, 2004 Moderator
Hello,

Which version of snmp you choose to use will depend entirely on the tools you use on both sides. Since it is a GNU/Linux version of net-snmp 5.0.9 you can use any instructions for setting up SNMPv3 that you would normally use for RHEL3 version of GNU/Linux.

This is really a Linux question more than an ESX question. ESX does not make use of SNMP for its own purposes but it is there for add on products from other vendors.


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast
Reply Re: SNMPv3 Mar 17, 2009 5:16 PM
in response to: Texiwill
Click to view altonius_au's profile Enthusiast altonius_au 17 posts since
Nov 11, 2008

Thanks Texiwill,

That helps, however do you or anyone know anything about the ESXi SNMP Settings.

ESXi can only send SNMP traps, and from the admin guide it only has basic community string etc, indicating SNMPv1 or v2.

Also as an aside for anyone else is looking at SNMP, vCentre only sends SNMPv1 traps (page 93 of admin guide)

Altonius

Reply Re: SNMPv3 Mar 18, 2009 10:27 AM
in response to: altonius_au
Click to view Texiwill's profile Guru Texiwill 10,056 posts since
Jan 13, 2004 Moderator
Hello,

That helps, however do you or anyone know anything about the ESXi SNMP Settings.

There is no real way to configure SNMP with ESXi, they rely almost exclusively on the CIM server.

Also as an aside for anyone else is looking at SNMP, vCentre only sends SNMPv1 traps (page 93 of admin guide)

That is correct....

I think they just chose the easiest path and v1 is the easiest. Not necessarily secure but the easiest. vCetner sends traps but does not 'use' traps sent to it.


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast
Actions
Up to Discussions in Security & vShield Zones