I have recently downloaded the vSphere hardening guide for 5.5 and looking for guidance on how to deploy to multiple servers. The guide outlines a long list of configurations to apply but this can be a daunting task if you have several hosts.
Is it possible to script the changes? Does anyone have experience scripting them?
To use the hardening guide please look at the first sheet and pick a risk profile. Once you do that apply the changes according to the profile. You cannot do all of them since some are profile specific and contradictory between profiles. Most sites will just stop at risk profile #3.
Yes you can script some of these elements, specifically 51 of the 57 VM changes using Perl or PowerShell depending on your desires. The others are still under investigation by many. However, there will be ones where you have to decide how to proceed before you do it.
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011,2012,2013
Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.