2012 VMware vSphere Security Hardening Guide: Best Practices

Vmware SecurityLet’s talk VMware security. Is your ESXi root password still “password”, or even better “password1”?

I’ve seen a lot of weird and cool passwords, but passwords are just one form of security. Today while surfing Twitter I ran into a tweet by @VMware and thought it would be good to write this post about it.

VMware 5.0 Security Hardening Guide Released – Official Guide” June 01, 2012

The first thing that came to my mind was – hasn’t ESXi 5.0 already been out 6 months? Just asking…

When I downloaded the file (HardeningGuide-vSphere50-v1.0), Ā I found it was an Excel file with serval tabs: Intro, VM, EXSi, vNetwork, and vCenter.

Each tabĀ consistedĀ of pretty good information which I will not go into because I have linked to the file and you can download it for yourself.

The guide covers security hardening pretty good but what about security best practices?

3 Security Best Practices to Make VMware More Secure

Ā 1. iLo and Virtual Connect

Something else I would like to note is this file covers hardening VMware, but security best practices also cover hardening access to your physical servers, storage, and network equipment via direct access to the data center or through a remote management console such as iLo and Virtual Connect (HP). Hackers don’t have to log into VMs, ESXi, or vCenter to cause an outage or problems.

2. Think of vCenter as your DC

Another best practice that I have always found difficult is limiting access to your vCenter. This has gotten harder to do because more and more IT departments are required to let everyone provision their own VMs (they say it’s Agile), and if you do not have vCloud Director or another form of a self-service portal, good luck keeping things secure. Think of vCenter as your DC, do you let anyone just walk in there?

3. Automation Service Accounts

You also have to be aware that the service account being used by any automation can also be used by hackers – keep these account names and passwords locked away, but available in case the person that created it decides one day to quit, and then you are SOL.

For more about VMware security practices, please check out this post on the best book to learn network security.

This concludes this post on VMware Security Hardening and Best Practices. Do you have any feedback or suggestions, we would like to hear them – please comment below.

Leave a Reply