VMware Cloud Community
pearlyshells
Contributor

Securing ESX

We are a relatively new VMware shop and up until now, our main concern was just getting Virtualization started. So, we've been successful creating our basic infrastructure with several ESX hosts and VirtualCenter managing the hosts and VMs. We've done some of the basic functions like P2V, cloning, creating templates, etc. Now, we are going to get into how best to secure our Virtual Infrastructure. As we do, I thought about the Best Practice to disable the remote root login capability. This would mean that I'd have to create individual user accts for our 3 administrators on each of our ESX3.5 hosts. Then, a thought came to mind. What if I could associate our Windows Active Directory accounts with the ESX user accts? If that were possible, I would not really have to manage the user accounts at each ESX host but only at the AD level. Is that possible? If so, how?


Accepted Solutions
vmmeup
Expert

This might be helpful

Sid Smith-----

VCP, VTSP, CCNA, CCA(Xen Server), MCTS Hyper-V & SCVMM08

http://www.dailyhypervisor.com

  • Don't forget to award points for correct and helpful answers.

6 Replies
aguacero
Hot Shot

To secure your ESX infrastructure, you can use vWire's free tool called ConfigCheck. This tool in the backend uses the best practice guide for certain areas. Lots of information which will provide you with links to secure your VMs, service console, integrate into AD. What I last remember is the only option that was not there which would have been great was either a print or save function. But overall, it will guide you to secure your infrastructure. Of course, use best judgement using those recommendations.

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!

vmroyale
Immortal

Hello.

For the AD authentication integration, check out Enabling Active Directory Authentication with ESX Server. Also make sure to check out the Security Hardening Best Practices.

Good Luck!

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com
Texiwill
Leadership

Hello,

Moved to the Security and Compliance forum.

Add the Top Virtualization Security Links to your list of places to research.

However, before you do this you should determine the security standard to which you will be held. There are three: VMware's Hardening Guide, CISecurity ESX Benchmark, and the DISA STIG for ESX. If your company has not chosen one, the DISA STIG is by far more complete than anything else at the moment.

There are several areas which you should consider when securing a virtualization host: Those are Management mechanisms, Storage Mechanisms, Virtual Machines, Virtual Networks, and the Virtualization Hosts themselves.

Where you want to begin is just as important as where to go. So first review your current company Security Policy and see if it covers ESX. If it does not you will have to make some adjustments to that first. Then determine a standard to which you will Audit and then finally implement.


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
vmmeup
Expert

This might be helpful

Sid Smith-----

VCP, VTSP, CCNA, CCA(Xen Server), MCTS Hyper-V & SCVMM08

http://www.dailyhypervisor.com

  • Don't forget to award points for correct and helpful answers.

pearlyshells
Contributor

Thanks very much. I believe this is exactly what I need.

appreciate everyone's advice

pearlyshells
Contributor

Thanks for your advice. I will definitely use it in the construction of our virtual security policies.
