Hi, I was told vRA and IDM are hardened by default so the only hardening configuration we need to do is on LCM. Does that mean that vRA appliance is a hardened image? Please correct me if I'm wrong.
My next question is the vRealize Suite Lifecycle Manager Security Hardening Guide provided is based on what standard?
I still question the security hole introduced in vRA 8.10.2 that established "Network access is required between client machines and ESXI hosts on port 443". VMware "Cannot establish a remote console connection in VMware Aria Automation 8.10.2 (90655)"
The remote console functionality changed in the Aria Automation 8.10.2 release.
This change was prompted due to the introduction of webmks and the deprecated of mks ticket type in vCenter 8.x
Prior to the Aria Automation 8.10.2 version the remote console traffic from end user client machines to the ESXI hosts was proxied through the Aria Automation appliance.
In the 8.10.2 release which leverages the webmks ticket type the connection is now directly made between the browser on the client machine and the ESXI host. This introduces new requirements for remote console traffic in the Aria Automation 8.10.2 release.
As such, I have gone with 8.10.1 cluster behind a load balancer and have the appliances on private management network. Can you provide the hardening documentation that was referenced prior to 8.11?
As for LCM, we have it on a private management network that is only accessible from jump boxes and accessible by only our virtual infrastructure admins. Thank you for the security link on that.
Damion Terrell . + (He/Him) + . * . + @ + . * . + .
Core IT Service Specialist * . + * . + . + . + * +
UNM – IT Platforms – VIS + . . . . . . . . .
. + . + * . + * .
* . . + . . . . + . + * + .
“You learn the job of the person above you, * + . + * @
and you teach your job to the person below you..” . * +