
VMware vSphere Security Ways – Part Two


The first part of this series examined ways to strengthen vSphere ESXi security. In this part I'll introduce vCenter Server's security mechanisms up to the current version, 6.5.

vCenter Server sits at the center of a range of virtualization solutions in the vSphere suite. That position has made its security one of the main challenges for an organization, and in recent years the architecture of the software has undergone many changes in order to provide the best possible facilities. vCenter Server is a comprehensive management, control, monitoring and maintenance center that governs not only the vSphere compute environment but also other virtualization products at the network and storage control level, on the desktop, and in vCloud. Any unauthorized access to it can therefore be dangerous for the entire infrastructure.

One of the steps taken in recent years to secure this solution is the vCSA, the Linux-based vCenter. This virtual appliance provides the same vCenter Server that can be installed on Windows, with additional features such as vSphere Update Manager and vCenter Server High Availability. Its Linux environment is also customized to use the least amount of resources and run only essential services. Compared with the Windows version, the appliance requires fewer updates, which has significantly reduced the security risks of the solution.

Here's how to improve vCenter Server security for infrastructure running version 6.5, and make the monthly SLA report an easy one.

  1. One of the first steps is to design a network dedicated to vCenter Server activity. Before setting up and enabling services, design separate segments for management, vMotion, FT, vSAN and other sensitive networks, so that damage to one network does not harm the others. Additionally, encrypt the data stream on the network so that data sent to other sites cannot be recovered if it is intercepted.
  2. If you use additional solutions alongside vCenter to monitor, control, or support the virtual infrastructure, define a dedicated account for each service and grant it only as much access as it needs at the vCenter level.
  3. If possible, isolate the infrastructure management cluster, both virtually and physically, from the workload cluster to prevent an attack from a virtual machine reaching the management infrastructure.
  4. Limit the virtual network switches that sit in the management network and enable only the essential features on them. Also allocate the bandwidth, storage and memory resources vCenter requires, to keep it clear of a wide range of attacks.
  5. Limit SSH and Shell access and use it only when troubleshooting.
  6. Do not enable any additional services such as TFTP or other Linux services in vCSA.
  7. Control access to Content Library resources by defining user groups.
  8. As far as possible, do not grant people direct access to the virtual machine service. Instead, use Remote Access or similar software.
  9. Periodically monitor vCenter Server events and activities to identify abnormal changes faster.
  10. Block additional ports using the vCenter Server firewall.
  11. As far as possible, avoid installing or testing unnecessary plugins on vCenter Server. Every piece of added code is a risk: defining an account for it, assigning it access, reduced user interface stability, and code errors at the time of a vCenter Server update are among these risks.
  12. Define a vCSA backup schedule so that you can restore the best possible state at the right time.
  13. Deploy vCenter Server with the Platform Services Controller (PSC) installed outside the embedded architecture, so that a potential attack on one of the vCenters does not disrupt access to the infrastructure and services.
  14. Since vCenter Server and PSC services such as the VMware Certificate Authority are sensitive to time changes, use an internal server for NTP settings and make sure that it is functioning correctly.
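As an added illustration of item 9 (not code from the original article or from VMware), the sketch below runs two simple detections over exported vCenter events: permission or role changes made by an account outside an approved list, which also catches a service account from item 2 stepping outside its job, and bursts of failed logins from one source. The event type names are vSphere API event classes; the record layout, account names, addresses and thresholds are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# vSphere API event class names that change who can do what in vCenter.
PRIVILEGE_EVENTS = {
    "PermissionAddedEvent", "PermissionUpdatedEvent", "PermissionRemovedEvent",
    "RoleAddedEvent", "RoleUpdatedEvent", "RoleRemovedEvent",
}
FAILED_LOGIN = "BadUsernameSessionEvent"

# Assumptions for this example: who may change permissions, and alert thresholds.
APPROVED_ADMINS = {"VSPHERE.LOCAL\\secadmin"}
MAX_FAILURES = 3
WINDOW = timedelta(minutes=5)

# Constructed sample records: (time, event type, user, source IP).
SAMPLE_EVENTS = [
    ("2018-03-01T02:10:05", "BadUsernameSessionEvent", "administrator", "10.0.5.23"),
    ("2018-03-01T02:10:40", "BadUsernameSessionEvent", "administrator", "10.0.5.23"),
    ("2018-03-01T02:11:02", "BadUsernameSessionEvent", "root", "10.0.5.23"),
    ("2018-03-01T02:30:00", "BadUsernameSessionEvent", "jdoe", "10.0.9.8"),
    ("2018-03-01T02:50:00", "BadUsernameSessionEvent", "jdoe", "10.0.9.8"),
    ("2018-03-01T09:15:00", "PermissionAddedEvent", "VSPHERE.LOCAL\\secadmin", "10.0.1.10"),
    ("2018-03-01T09:20:00", "UserLoginSessionEvent", "VSPHERE.LOCAL\\monitoring-svc", "10.0.1.44"),
    ("2018-03-01T23:41:10", "RoleUpdatedEvent", "VSPHERE.LOCAL\\monitoring-svc", "10.0.1.44"),
]


def find_anomalies(rows):
    """Return alerts for unapproved privilege changes and failed-login bursts."""
    alerts = []
    failures = defaultdict(list)  # source IP -> recent failed-login times
    events = sorted((datetime.fromisoformat(t), kind, user, ip)
                    for t, kind, user, ip in rows)
    for when, kind, user, ip in events:
        if kind in PRIVILEGE_EVENTS and user not in APPROVED_ADMINS:
            alerts.append(("unapproved-privilege-change", user, kind))
        elif kind == FAILED_LOGIN:
            # Keep only failures inside the sliding window, then add this one.
            failures[ip] = [t for t in failures[ip] if when - t <= WINDOW] + [when]
            if len(failures[ip]) >= MAX_FAILURES:
                alerts.append(("failed-login-burst", ip, len(failures[ip])))
                failures[ip] = []  # reset so a sustained burst alerts again
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_EVENTS):
        print(alert)
```
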

In the third part of the vSphere security series, I will introduce ways to secure the virtual machine environment and services.


Sabir Hussain Soomro
About Sabir Hussain: Experienced IT Specialist with a history of working in the information technology and services industry. Skilled in VMware ESX, Domain Name System (DNS), DHCP, VoIP, Water Backup Solutions, Adobe Connect, Servers, and Data Center. but quickly found a large following of readers and subscribers. Connect on Google+ or feel free to network via Twitter: @VMGate110