Month: April 2014

VMware hardening

VMware Hardening has a separate document for the ESXi and vCenter. If we refer the VMware Hardening Guide provided by VMware Link.In excel we get the complete the details for individual element of VMware vsphere component for hardening.

Hardening Details are available for different version of vSphere. Recently  VMware has launched the VMware vsphere 5.5 Update 1 Beta document. Link . Few extra component like graphic feature and sso element are added.

Again It Depend upon client what standards they follow for the VMware hardening. Working with one of the Client I have gone through some basic Hardening component which they follow as basic standard ones. Hardening was segregated into multiple component of each product. In depth VMware docs are available. I will just discuss very basic components, Each point activity will be a separate post

VMware ESXi

  • NTP configuration
  • Modify the ESXi Shell time out
  • Create the ESXi Costume users
  • Remove the ESXi Login via https
  • Configure ESXi shell time out
  • Configure the syslog
  • DCUI banner modify
  • SSH login disclaimer.

VMware vCenter 

  • Create the secondary SSO user account.
  • SSO account password Expiration.
  • Modify the Web Client timeout.
  • Disable the access of “Browse from datastore” from the Web client.
  • Modify the multiple console from vCenter of a VM.

Virtual Machine

  • Disable VMware tool Uninstall.
  • Explicitly disable copy/paste operations from the console.
  • Disable non essential 3D features.
  • Enable VGA Only Mode.