VMware Cloud Community
TheVMinator
Expert

Virtual machine advanced setting configuration

The hardening guide for 5.5 specifies that you should disable the ability to automatically install VMware tools in a VM if you are targeting risk profile 2 (which is the risk profile pertaining to any compliance standard). 

Does this mean that if I have a vCenter server managing and a set of VMs that are within scope of HIPAA, and some that aren't, that I should disallow the automatic installation of VMware tools for both vCenter and the in-scope HIPAA VMs?


Accepted Solutions
Texiwill
Leadership

Hello,

Yes, it does. However, it does not preclude the use of tools like Intigua, Puppet, Chef to automate the upgrade of the tools through other means. The issue is that upgrades of tools can change behavior and you need to know why you are making those upgrades, how they are made, when they are made, etc. Not only that, they should all be made for HIPAA, for example, at similar times so there is no VMtools drift.

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012, 2013, 2014

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
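
One way to check the two points in the accepted answer, as an added example that is not part of the original thread: a Python audit that flags in-scope VMs whose .vmx does not set `isolation.tools.autoInstall.disable` to `TRUE` (the advanced setting the hardening guide uses for this control) and VMs whose Tools version differs from the approved one. The inventory record layout, VM names and version strings are constructed assumptions.

```python
import re

# Advanced setting that disables automatic VMware Tools installation.
KEY = "isolation.tools.autoInstall.disable"
VMX_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse .vmx 'key = "value"' lines into a dict (last occurrence wins).
    Keys are lower-cased so the lookup is lenient about case (a choice of this example)."""
    settings = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit(inventory, approved_version):
    """Return (in-scope VMs without the setting, in-scope VMs off the approved Tools version)."""
    in_scope = [vm for vm in inventory if vm["in_scope"]]
    unhardened = sorted(
        vm["name"] for vm in in_scope
        if parse_vmx(vm["vmx"]).get(KEY.lower(), "").strip().lower() != "true"
    )
    drifted = sorted(
        vm["name"] for vm in in_scope if vm["tools_version"] != approved_version
    )
    return unhardened, drifted

# Constructed inventory: vCenter plus HIPAA VMs are in scope, one VM is not.
SAMPLE = [
    {"name": "vcenter01", "in_scope": True, "tools_version": "9.4.10",
     "vmx": 'displayName = "vcenter01"\nisolation.tools.autoInstall.disable = "TRUE"\n'},
    {"name": "hipaa-db01", "in_scope": True, "tools_version": "9.4.10",
     "vmx": 'displayName = "hipaa-db01"\nisolation.tools.autoInstall.disable = "FALSE"\n'},
    {"name": "hipaa-app01", "in_scope": True, "tools_version": "9.4.0",
     "vmx": 'displayName = "hipaa-app01"\nisolation.tools.autoInstall.disable = "true"\n'},
    {"name": "hipaa-web01", "in_scope": True, "tools_version": "9.4.10",
     "vmx": 'displayName = "hipaa-web01"\n'},  # setting absent
    {"name": "dev-test01", "in_scope": False, "tools_version": "9.0.0",
     "vmx": 'displayName = "dev-test01"\n'},
]

if __name__ == "__main__":
    unhardened, drifted = audit(SAMPLE, approved_version="9.4.10")
    print("Missing autoInstall.disable:", unhardened)
    print("Tools version drift:", drifted)
```
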

TheVMinator
Expert

ok great - thanks
