- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vSphere 5.5 Update 1 Hardening Guide beta release - Please comment
Hi,
Attached is the beta release of the vSphere 5.5 Update 1 Hardening Guide.
There are 4 new additions to the guide. Please review.
1. enable-VGA-Only-Mode: Used for server VM's that don't need a graphical console. e.g. Linux web servers, Windows Core, etc.
2. disable-non-essential-3D-features: Remove 3D graphic capabilities from VM's that don't need them
3. use-unique-roles: A new companion control to use-service-accounts. If you have multiple service accounts then each one should have a unique role with just enough privs to accomplish their task. This is in line with least-priv operations
4. change-sso-admin-password: A great catch. When installing Windows vCenter, you're prompted to change the password of administrator@vsphere.local. When installing the VCSA in a default manner you are not. This control reminds you to go back and do that.
The rest are formatting, spelling, clarification, etc..
I had considered removing "disable-datastore-browser" and "disable-mob". I'm holding off at the moment on those. I think they add more trouble than they protect. Feedback on these two would be GREATLY appreciated.
Your feedback is key. I really do listen! ![]()
The intent is for this to GA in one week. The GA of the hardening guide will be reflected in the latest updates from the VCM team as well.
mike