VMware Cloud Community
nlks
Contributor

vSphere ESXi and vCenter Hardening Guide

Hi, I'm working on ESXi & vCenter hardening and am looking for some guides. The CIS Benchmark only has a list for ESXi, and I found a hardening guide for vSphere on the VMware website here.

But there is some confusion: as I Googled, vSphere is a software suite that includes ESXi and vCenter. Does that mean I can use the guide above to perform hardening for both ESXi and vCenter?

I'm not sure whether my understanding is correct (e.g. there are top forums for vSphere vs. vCenter here); any help/clarification would be much appreciated.


Accepted Solutions
ashilkrishnan
VMware Employee

Hi

The security hardening document will cover most of the topics in securing your vSphere environment --> Security Hardening Guides - VMware Security | IN

For enhancing security on vCenter, you can refer to the following document --> vCenter Server Security Best Practices

nlks
Contributor

Hi, sorry, but do you mean I can use the Hardening Security Guide for both ESXi and vCenter?

ashilkrishnan
VMware Employee

Yes. It has some parameters which require changes in vCenter; however, most of the configurations are related to ESXi and VMs. For additional information related to securing vCenter, please refer to the second link, vCenter Server Security Best Practices.

Hope that helps

DominikWeglarz
Enthusiast

nlks

You can look at the STIGs Document Library – DoD Cyber Exchange and search for "vmware".

I also recommend using https://www.runecast.com/ with its already built-in options to verify if you are in compliance with STIG, CIS, PCI DSS, ...
