1 2 Previous Next 23 Replies Latest reply on May 28, 2014 6:43 AM by Texiwill

    vSphere 5.5 Update 1 Hardening Guide beta release - Please comment

    mikefoley Expert
    VMware EmployeesvExpert

      Hi,

       

      Attached is the beta release of the vSphere 5.5 Update 1 Hardening Guide.

       

      There are 4 new additions to the guide. Please review.

       

       

      1. enable-VGA-Only-Mode: Used for server VM's that don't need a graphical console. e.g. Linux web servers, Windows Core, etc.

       

      2. disable-non-essential-3D-features: Remove 3D graphic capabilities from VM's that don't need them

       

      3. use-unique-roles: A new companion control to use-service-accounts. If you have multiple service accounts then each one should have a unique role with just enough privs to accomplish their task. This is in line with least-priv operations

       

      4. change-sso-admin-password: A great catch. When installing Windows vCenter, you're prompted to change the password of administrator@vsphere.local. When installing the VCSA in a default manner you are not. This control reminds you to go back and do that.

       

       

      The rest are formatting, spelling, clarification, etc..

       

       

      I had considered removing "disable-datastore-browser" and "disable-mob". I'm holding off at the moment on those. I think they add more trouble than they protect. Feedback on these two would be GREATLY appreciated.

       

      Your feedback is key. I really do listen!

       

      The intent is for this to GA in one week. The GA of the hardening guide will be reflected in the latest updates from the VCM team as well.

       

      mike

        1 2 Previous Next