vSphere 6 Security Update

Recently I was asked by the vBrownbag community to present on vSphere 6 security. vBrownbag is a community-lead podcast series that features online webinars covering various Virtualization and VMware Certification topics, all led by members of the community. It’s an outstanding resource if you are looking to achieve certification or are just in the mood to learn. Read on to see how this webinar went and view for yourself.

What’s really great is that these types of discussions are becoming more and more frequent. I attribute that to VMware’s virtual infrastructure underpinning SO many businesses that the security teams are putting pressure on the IT teams to “make sure it’s secure”. Now, for some of you, you may ask…

Is vSphere security even a popular topic?

The answer is most definitely “YES!” This was made abundantly clear to me last year at VMworld when I asked the ~500 people in my security session some questions. Now, the first clue here is that there were ~500 people in a vSphere security session at VMworld! Holy cow! If I had done that session in 2009 I would have been lucky to pull in 30 attendees!

The first question I asked was “How many here are security professionals who’s main job is IT security?” I’ll guess about 15-30 hands went up. I then asked “How many here are IT/Virtualization professionals who are here because the security guy is on them about securing the virtual infrastructure?”

Every…other…hand went up. Now, I had a pretty good guess that was going to be the answer. But what I think it showed to everyone in the audience is that they are not alone and that security of the virtual infrastructure has finally reached critical mass.

For those of you with access to past VMworld content, the session was INF2336

The vBrownbag Webinar

So, with that in mind, I did the vBrownbag and I had a blast! We discussed the changes in the vSphere Hardening Guide for 6.0 (and showed a sneak peek of some seriously cool PowerCLI stuff!) and then went into some of the updates that have been made in the release. It covers the gamut from easier certificate management to automation of some settings that used to require hand-editing.

You can see in the video below that also we got LOTS of questions. And I got a bunch of questions afterwards via email and Twitter.

Participate!

If you are one of those IT folks who owns the virtual infrastructure and you’re looking to upgrade to vSphere 6 and your IT Security colleagues are challenging you to secure it, this presentation will help. I also encourage you to check out all the other vBrownbag content and even better, contribute your own! Be a part of the community. We’re all in this together and there’s NO shortage of community members that are here to help.

You can find the vBrownbag home page here and the webinar I did here.

Let me know if you have feedback. You can reach me on Twitter as @vspheresecurity or @mikefoley or you can send me email to mfoley at vmware dot com. If there’s a topic you want covered on vSphere security, send it in!

thanks,

mike