3 Replies Latest reply on Jun 7, 2007 11:22 AM by Texiwill

    virtualization and compliance requirements

    bjaming Novice

      From my understanding of the applicable legislative requirements for my particular industry, I need to be able to log every single logon event to the administrative console and track what is done during that session. For example, I can't allow someone to log on and clone a machine and take the image "away" with them.


      What is your experience with VMware and compliance-related issues, including SOX and HIPAA, with lots of financial data?


      What are the recommended best practices for securing a virtual infrastructure?



      What are companies like KPMG and BDO looking for in the audit process that I should bear in mind while designing a very large virtual corporate network?


      Specifically audit related information only, please.


      I don't want to read 1000 pages of documentation :-P


      oh and ESX 3.0.1 btw

        • 1. Re: virtualization and compliance requirements
          Pisapatis Enthusiast

          The host operating system (VMware ESX) is mostly used for administrative and operational management of the underlying virtual infrastructure. SOX, HIPAA, etc. are mostly related to the applications that run on the guest operating systems, and the compliance measures are the same as if the environment were on physical boxes. As a best practice, I recommend avoiding installing any application on the ESX server.

          • 2. Re: virtualization and compliance requirements
            IdeCable Novice

            Snare agent: an open-source event-log-to-syslog converter. Works like a charm.




            That way, you'll be able to monitor user logins/logouts, login failures, etc.


            As for user monitoring,


            Ghost Keylogger




            This will make complete reports of user activity.


            Hope this helps.

            • 3. Re: virtualization and compliance requirements
              Texiwill Guru
              vExpertUser Moderators



              Many people find it convenient to impose SOX logging restrictions on the ESX Server as well as the guests. While some people comment on the guests in this thread, the ESX Server requires some attention as well.


              If you have a SOX Linux team available in your company, contact them, as they have already determined what is necessary. If you do not, at the very least I would do the following:


                 Restrict root access.

                 Give each 'ADMIN' a separate user account in the wheel group.

                 Use SUDO to record everything an ADMIN does. Do not allow anyone to log in directly as root. SUDO records commands in /var/log/messages by default.

                 Back up the logfiles to tape or send them to your syslog server.


              Best regards,
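
An added example, not written by any poster in this thread: one way to turn the sudo records described in the last reply into a per-admin audit trail and a list of items to review, assuming the usual sudo and sshd syslog line layout. The host name, users, addresses and log lines are constructed samples, and `audit` is a hypothetical helper.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual sudo/sshd syslog layout (not from a real host).
SAMPLE_LOG = """\
Jun  7 10:58:01 esx01 sshd[2211]: Accepted password for jsmith from 10.0.0.21 port 40112 ssh2
Jun  7 10:58:40 esx01 sudo:   jsmith : TTY=pts/0 ; PWD=/home/jsmith ; USER=root ; COMMAND=/usr/sbin/esxcfg-vswitch -l
Jun  7 11:02:13 esx01 sudo:   jsmith : TTY=pts/0 ; PWD=/vmfs/volumes/san1 ; USER=root ; COMMAND=/usr/sbin/vmkfstools -i fin01.vmdk /tmp/copy.vmdk
Jun  7 11:05:37 esx01 sudo:   mlee : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/mlee ; USER=root ; COMMAND=/usr/bin/vmware-cmd -l
Jun  7 11:09:50 esx01 sshd[2290]: Accepted password for root from 10.0.0.44 port 40200 ssh2
Jun  7 11:10:02 esx01 sudo:   jsmith : TTY=pts/0 ; PWD=/home/jsmith ; USER=root ; COMMAND=/bin/su -
"""

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<error>[^;]*?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$")
ROOT_LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted \S+ for root from (?P<src>\S+)")
# Commands that open a root shell; sudo records nothing typed inside that shell.
SHELL_ESCAPES = ("/bin/su", "/bin/sh", "/bin/bash")

def audit(log_text):
    """Return (commands run per admin, findings an auditor would want reviewed)."""
    trail, findings = defaultdict(list), []
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if m:
            if m["error"]:  # denied attempt: sudo logs the reason before TTY=
                findings.append((m["ts"], m["user"], "sudo denied: " + m["error"].strip()))
                continue
            trail[m["user"]].append((m["ts"], m["cmd"]))
            if m["cmd"].split(" ", 1)[0] in SHELL_ESCAPES:
                findings.append((m["ts"], m["user"], "root shell via sudo: " + m["cmd"]))
            continue
        m = ROOT_LOGIN_RE.match(line)
        if m:  # violates the "nobody logs in directly as root" rule
            findings.append((m["ts"], "root", "direct root login from " + m["src"]))
    return dict(trail), findings

if __name__ == "__main__":
    trail, findings = audit(SAMPLE_LOG)
    for user, cmds in trail.items():
        for ts, cmd in cmds:
            print(f"{ts}  {user:8} {cmd}")
    for ts, who, what in findings:
        print(f"REVIEW {ts}  {who:8} {what}")
```

Running it against the copy of the logs held on the syslog server, rather than on the host itself, keeps the review independent of anyone who has root on the ESX service console.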