
VMware Compliance Checker for vSphere now available

There are limited design resources for vSphere environments, so any tool that can help validate our design is very welcome. Learn about a VMware tool that will check a number of compliance and hardening configuration values.

When it comes to a VMware vSphere environment, we have all surely changed our minds on the core design at some point. While we have features such as VMware Host Profiles to ensure consistency of a configuration template across a number of ESX(i) hosts, that may not be enough.

VMware has created a new tool called the Compliance Checker for vSphere that helps scan an environment and report on its security and compliance posture. Before we start a flame war in the discussion, I know that security means different things to different people. This resource is based on the VMware vSphere Security Hardening Guide.

That said, the Compliance Checker can be a good way to validate against that configuration. I've downloaded this tool, and I'm preparing to run it in my home lab environment, which includes three ESXi hosts and a vCenter Server. For the purpose of my home lab, I have not applied any of the Security Hardening Guide recommendations; therefore, the report of issues should be long and thorough.

Downloading and installing the Compliance Checker tool is very straightforward for a Windows system (including a Windows 7 workstation). A Java Runtime Environment (JRE) does need to be installed locally for the tool to install correctly. Once the tool is installed, simply point it to the vCenter Server and scan (Figure A).

The results leverage an ActiveX control, so the HTML report will be best experienced within Internet Explorer. The scan from my lab returns a number of expected results, as I have generally used the default configuration for my lab (Figure B).


Each value comes with some explanatory text (which can be helpful in remediation attempts), and the first few have been expanded. Each value is fairly straightforward and can easily be referenced in the Security Hardening Guide.

This tool is a nice start toward comprehensive configuration management and security configuration for the vSphere environment. Absent specific requirements, this is a good resource for security and compliance management for vSphere environments.

How do you manage security and compliance for vSphere? Share your strategies.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

2 comments
Mike Barron

It keeps crashing Java while trying to open IE. I was looking forward to using this tool; it looks like it could be quite useful.

Craig_B

I tried this out; however, I have yet to get a report. I installed this on a Win 7 and a Win Server 2008 machine using IE 8, 9 and FF 5 running Java 6.26. I changed the browser security settings to allow it to run. The initial application runs and connects to vCenter; however, when it opens up the browser, I get a browser warning about a slow script. If I let it continue, it either never completes with the browser not responding or appears to complete but doesn't display any data.