When it comes to a VMware vSphere environment, we have all surely changed our minds on the core design at some point. While we have features such as VMware Host Profiles to ensure consistency of a configuration template across a number of ESX(i) hosts, that may not be enough.
VMware has created a new tool called the Compliance Checker for vSphere that scans an environment and reports on its security and compliance posture. Before we start a flame war in the discussion, I know that security means different things to different people. This resource is based on the VMware vSphere Security Hardening Guide.
That said, the Compliance Checker can be a good way to validate against that configuration. I've downloaded this tool, and I'm preparing to run it in my home lab environment, which includes three ESXi hosts and a vCenter Server. For the purpose of my home lab, I have not applied any of the Security Hardening Guide recommendations; therefore, the report of issues should be long and thorough.

The installation and download of the Compliance Checker tool is very straightforward for a Windows system (including a Windows 7 workstation). A Java Runtime Environment (JRE) does need to be installed locally for the tool to install correctly. Once the tool is installed, simply point it to the vCenter Server and scan (Figure A).

The results leverage an ActiveX control, so the HTML report will be best experienced within Internet Explorer. The scan from my lab returns a number of expected results, as I generally have used the default configuration for my lab (Figure B).
Each value comes with some explanatory text (which can be helpful in remediation attempts), and the first few have been expanded. Each value is fairly straightforward and can easily be referenced in the Security Hardening Guide.
This tool is a nice start toward comprehensive configuration management and security configuration for the vSphere environment. Absent specific requirements, this is a good resource for security and compliance management for vSphere environments.
How do you manage security and compliance for vSphere? Share your strategies.
Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.