The hardening guide has been updated and now matches the latest VMware vSphere 5.5 release. There are four newly introduced sections that match the latest vSphere 5.5 U1: Enable-VGA-Only-Mode, Disable-non-essential-3D-features, Change-sso-admin-password, Use-unique-roles.
You might ask what this guide is for. The answer is simple: to help VMware administrators make vSphere more secure by following the simple tips in the spreadsheet :-). Mike Foley from VMware (who previously worked with RSA), his team, and many external and internal people have been working on the new guide for several weeks, and a few drafts were available before the official release today. If you're a VMware admin or consultant, it's a document to have!
I have blogged about previous releases, and how to use this guide in detail here. Note that there is also a mobile version available. Check out this post for details.
Quote from the release:
There are 4 new additions to the guide. Please review.
- Enable-VGA-Only-Mode: Used for server VMs that don’t need a graphical console. e.g. Linux web servers, Windows Core, etc.
- Disable-non-essential-3D-features: Remove 3D graphic capabilities from VMs that don’t need them.
- Use-unique-roles: A new companion control to use-service-accounts. If you have multiple service accounts then each one should have a unique role with just enough privs to accomplish their task. This is in line with least-priv operations.
- Change-sso-admin-password: A great catch. When installing Windows vCenter, you’re prompted to change the password of [email protected]. When installing the VCSA in a default manner you are not. This control reminds you to go back and do that.
Screenshot showing the guide below:
Source: VMware Blog
Get the document from the dedicated vSphere Hardening page!
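To check a VM's configuration against the two new VM-level controls quoted above (Enable-VGA-Only-Mode and Disable-non-essential-3D-features), here is a small audit sketch. It is an added example, not part of the guide or of the VMware post. The VMX key names `svga.vgaOnly` and `mks.enable3d` and their expected values are assumptions brought in from outside this page, and the sample .vmx text is constructed.

```python
import re

# Constructed sample .vmx content (not taken from a real VM).
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "web01"
guestOS = "ubuntu-64"
mks.enable3d = "TRUE"
# svga.vgaOnly is not set in this sample
'''

# Control name -> (lowercased VMX key, expected value).
# The key names are assumptions; the page names only the controls.
EXPECTED = {
    "Enable-VGA-Only-Mode": ("svga.vgaonly", "true"),
    "Disable-non-essential-3D-features": ("mks.enable3d", "false"),
}

# Matches: key = "value"; lines starting with '#' are skipped.
_LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value}; a later duplicate overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit_vmx(text, needs_graphical_console=False):
    """Map each control to 'ok', 'unset', 'mismatch' or 'not-applicable'."""
    settings = parse_vmx(text)
    report = {}
    for control, (key, want) in EXPECTED.items():
        # VGA-only mode is meant for server VMs without a graphical console.
        if control == "Enable-VGA-Only-Mode" and needs_graphical_console:
            report[control] = "not-applicable"
        elif key not in settings:
            report[control] = "unset"
        elif settings[key].strip().lower() == want:
            report[control] = "ok"
        else:
            report[control] = "mismatch"
    return report

if __name__ == "__main__":
    for control, status in audit_vmx(SAMPLE_VMX).items():
        print(f"{control}: {status}")
```

An "unset" result means the key is absent from the file, so the VM relies on the platform default rather than an explicit value.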