cb122's Posts

Can anyone provide a low tech management freindly summary of the risks of running virtual servers a) without vmware tools, b) with an older version of vmware tools? And out of interest how reg... See more...
Can anyone provide a low tech management freindly summary of the risks of running virtual servers a) without vmware tools, b) with an older version of vmware tools? And out of interest how regular is vmware tools updated? Is it an optional tool or is it essential? What are the pros and cons of installing it and not installing it? Thanks
Thanks all
I am releatively new to vmware but I am interested in fault tolerance design and what specific virtual servers you ensure are on different hosts. For example in small setups if you had 2 domain... See more...
I am releatively new to vmware but I am interested in fault tolerance design and what specific virtual servers you ensure are on different hosts. For example in small setups if you had 2 domain controllers on a single host then does that not constitute a single point of failure for AD services? Aside from DC's, what other specific types of servers/server roles do you ensure are on different hosts? Or with VMWARE HA do you not need to worry as much as if its joined to a cluster the VM's should be picked up by another host in the case of host failure, thus segregation isnt as much of a concern?
if you do any sort of healthchecks/audits for your clients or 3rd party organisations specific to vmware infrastructures, are there any common configuration/maintenance mistakes you find, or an... See more...
if you do any sort of healthchecks/audits for your clients or 3rd party organisations specific to vmware infrastructures, are there any common configuration/maintenance mistakes you find, or any horror stories as a result of these poor configurations/monitoring/maintenance choices, that you would be willing to share? I am keen on learning what can and does go wrong with vmware infrastructure, obviously this may be rare with good qualified and experienced admins, but it is always an interesting topic.
Anyone?
Are any of the vmware hardening guide security recommendations generally accepted as "essential", and priority. Our infrastructure team were looking align to the security of the hosts, vcenter an... See more...
Are any of the vmware hardening guide security recommendations generally accepted as "essential", and priority. Our infrastructure team were looking align to the security of the hosts, vcenter and vnetwork in line with the vmware hardening guide, however by looking at the potential impact column of the spreadsheet - many of the settings seem to introduce many issues for operations/support- without seemingly improving the security massively either. So I wondered if there were some higher priority secureity settings - and if so specific to vsphere and vnetwork which exactly which those are? I assume some are more important than others?
I guess its a similar concept really to testing backups of say MSSQL databases - you want some degree of assurance they are fit for purpose if called upon. I appreciate your feedback and response... See more...
I guess its a similar concept really to testing backups of say MSSQL databases - you want some degree of assurance they are fit for purpose if called upon. I appreciate your feedback and response though.
Do you do any formal testing of your datacentre vmware HA clusters to ensure they actually work in the case of a host failure? What kind of testing do you do, and how often? I.e. pull the power a... See more...
Do you do any formal testing of your datacentre vmware HA clusters to ensure they actually work in the case of a host failure? What kind of testing do you do, and how often? I.e. pull the power and see if another host restarts the VM's isnt probably all that practical in most organisations - so how can you gain assurance your cluster is fit for purpose, what kind of disaster reherseal excercises do you do?
Are there any formal vmware documents that discuss the impact of not removing old snapshots of virtual machines - i.e. performance issues they can cause on the VM itself? Our admin doesnt seem... See more...
Are there any formal vmware documents that discuss the impact of not removing old snapshots of virtual machines - i.e. performance issues they can cause on the VM itself? Our admin doesnt seem to see these as a risk at all - but I have read old snapshots can affect the performance of the VM - but I cant seem to locate any formal documentation where VMware themselves discuss the potential issues of not removing old snapshots. To demonstrate its not an old wives tale.
Firstly I am new to Vmware and clustering, but can anyone help me quantify the risk in the following. As I work in a risk department I get copied into "healthcheck" reports around how our main te... See more...
Firstly I am new to Vmware and clustering, but can anyone help me quantify the risk in the following. As I work in a risk department I get copied into "healthcheck" reports around how our main technologies are setup. One of the reports had a big red exlamation mark around one of our datastores was not connected to every host in the cluster. Looking at it the vm's on that datastore seem to relate to the veeam sofware. Does that make any sense given this situation? As I say I dont work in the vmware team i just wanted a bit of a beginners guide to how big of a risk this is and the likelehood of that risk happening. its not a huge infrastructure, there is 1 cluster, 8 datastores, and 55 VM's. Please keep your answers quite jargon and technical free if at all possible. 
Is there any easy way to export permissions for objects in vcenter? Into a nice user freindly report?
I dont have access to a vcenter but I was made aware that you can view missing critical security patches per host from the update manager feature in vcenter. Can you give me a beginners guide how... See more...
I dont have access to a vcenter but I was made aware that you can view missing critical security patches per host from the update manager feature in vcenter. Can you give me a beginners guide how an admin could do us a single report to list all missing security patches per host? Can this be acheived? Also are there security patches for the vcenter product itself, if so how can you see any missing vcenter patches? Its hard for me to ask the admin to get us a list with having access to vcenter, so any supplementary screenshots would be great.
Can anyone give me a beginners guide to the risks associate with: 1) Not enabling lockdown mode on hosts 2) Not disabling DCUI on hosts I am relatively new to vmware but as I work in risk ... See more...
Can anyone give me a beginners guide to the risks associate with: 1) Not enabling lockdown mode on hosts 2) Not disabling DCUI on hosts I am relatively new to vmware but as I work in risk these findings have been raised in a security healthcheck, I wanted some expert input into just how dangerous these findings are - perhaps in the context of whether they expose the data on the guests residing on those hosts? Please keep answers pretty basic.
I dont have access to a vCenter Server anymore, but I am trying to prescribe to an admin how to get a report/list of missing security patches reports in vCenter for each of the 10 hosts in the da... See more...
I dont have access to a vCenter Server anymore, but I am trying to prescribe to an admin how to get a report/list of missing security patches reports in vCenter for each of the 10 hosts in the datacentre. Is it possible to create a single report from update manager to show all missing patches per host? How would we get this information? is it possible to get it in a single report? Also are there security patches for vcenter server itself? And how can you check those patches are installed? Screenshots would be excellent.
Do you backup the databases behind vcenter? From what I gather they are MSSQL express? I wondered what backup procedures you deploy for the vcenter databases, I would imagine its quite key to bac... See more...
Do you backup the databases behind vcenter? From what I gather they are MSSQL express? I wondered what backup procedures you deploy for the vcenter databases, I would imagine its quite key to backup the database especially in security conscious organisations as the database contains potential forensics audit logs for actions taken over your data centre? What's the risks if you don't backup your vcenter SQLexpress DB? If any?
Are there any free tools or methods of getting a detailed report on security permissions within vCenter? Are there any useful documents on permissions best practices within vCenter? Many Tha... See more...
Are there any free tools or methods of getting a detailed report on security permissions within vCenter? Are there any useful documents on permissions best practices within vCenter? Many Thanks
Thanks Troy, any idea how the script compares to the free compliance checker for vSphere? Does it check for the same kind of issues, or does it check for more? The only other thing I was hopin... See more...
Thanks Troy, any idea how the script compares to the free compliance checker for vSphere? Does it check for the same kind of issues, or does it check for more? The only other thing I was hoping for some input to, was risks associated with vCenter and vSphere above and beyond security related risks. I'd like the assessment to cover all risks not just security related ones.
I have found the free vsphere compliance checker a useful tool, it essentially audits your configs against the hardening document and provides a very simple cross or tick against each configurati... See more...
I have found the free vsphere compliance checker a useful tool, it essentially audits your configs against the hardening document and provides a very simple cross or tick against each configuration to see how well you comply.
Can anyone provide details of some useful tools that would assist in conducting a risk assessment/compliance audit of vcenter and 8x vsphere (v5) hosts? Similar to Microsofts best practice analyz... See more...
Can anyone provide details of some useful tools that would assist in conducting a risk assessment/compliance audit of vcenter and 8x vsphere (v5) hosts? Similar to Microsofts best practice analyzers. But anything to identify risks/misconfigurations in the way vcenter or vsphere has been setup?