vSphere 5 Security Hardening Guide

After several drafts, the final vSphere 5 Security Hardening Guide document has been released. The new thing is that this time it comes in a spreadsheet format only (as an xlsx). It's because apparently people ending by putting the text into spreadheet format anyway…. The vSphere 5 Security Hardening Guide document is a result of feedback from customers, partners and vmware users.

On the spreadsheet there are several tabs. Each of those tabs is meant to be used for different part of VI. Network, VM, ESXi, vCenter etc… There is also an Intro TAB where you'll be able to read the instructions and guidelines on the terms and different other informations.

The different tabs of the vSphere 5 Security Hardening Guide provides also different CLI commands, where possible, and also links to the Online vSphere Documentation Section.

A quick quote from the announce:

– The guide is being released exclusively in spreadsheet format. Many of you have indicated that, although the accompanying text found in previous versions of the guide is interesting, the specific steps for assessment and remediation of the recommendations are really what matters. Since people often end up putting the guide into spreadsheet format anyway, we figure we'd save you the trouble!

– All guidelines have the same set of metadata, and a new standardized and extensible identification scheme. This will enable customers to more readily adapt the guide to suit their particular environment by selecting the specific guidelines and fields that are of interest to them, and also help them in the generation of standard checklists and similar documents.

– A primary goal for this guide was to enable greater automatability. To this end, the guide includes both assessment and remediation commands for the three main vSphere CLIs: vSphere CLI (vCLI), ESXi Shell, and PowerCLI. References have also been added to sections of the vSphere API documentation that relate to each specific guideline.

– The previous recommendation levels have been replaced by a system using Profiles. This is part of the move towards putting the guide into industry-standard format, a potential benefit that will be fully realized in the future.

VMware Security Hardening Guide – “You can use the Microsoft Windows built-in system account or a user account to run vCenter Server. With a user account, you can enable Windows authentication for SQL Server; it also provides more security. The user account must be an administrator on the local machine. In the installation wizard, you specify the account name as DomainName\Username.

If you are using SQL Server for the vCenter database, you must configure the SQL Server database to allow the domain account access to SQL Server. Even if you do not plan to use Microsoft Windows authentication for SQL Server, or if you are using an Oracle database, you might want to set up a local user account for the vCenter Server system. In this case, the only requirement is that the user account is an administrator on the local machine. The Microsoft Windows built-in system account has more permissions and rights on the server than the vCenter Server system requires, which can contribute to security problems.

You can get the vSphere 5 Security Hardening Guide from this page.