mikefoley
VMware Employee

vSphere 5.5 Update 1 Hardening Guide beta release - Please comment

Hi,

Attached is the beta release of the vSphere 5.5 Update 1 Hardening Guide.

There are 4 new additions to the guide. Please review.

1. enable-VGA-Only-Mode: Used for server VMs that don't need a graphical console, e.g. Linux web servers, Windows Core, etc.

2. disable-non-essential-3D-features: Remove 3D graphic capabilities from VMs that don't need them.

3. use-unique-roles: A new companion control to use-service-accounts. If you have multiple service accounts then each one should have a unique role with just enough privs to accomplish their task. This is in line with least-priv operations.

4. change-sso-admin-password: A great catch. When installing Windows vCenter, you're prompted to change the password of administrator@vsphere.local. When installing the VCSA in a default manner you are not. This control reminds you to go back and do that.

The rest are formatting, spelling, clarification, etc.

I had considered removing "disable-datastore-browser" and "disable-mob". I'm holding off at the moment on those. I think they add more trouble than they protect. Feedback on these two would be GREATLY appreciated.

Your feedback is key. I really do listen!

The intent is for this to GA in one week. The GA of the hardening guide will be reflected in the latest updates from the VCM team as well.

mike