Category: Security

vSphere 6.5 Security Configuration Guide now available

Announcing the GA release of the vSphere Security Configuration Guide!

Rename

As I mentioned in my previous blog post where I announced the availability of the Security Configuration Guide (SCG) Release Candidate, the term “Hardening Guide” will no longer be used starting with vSphere 6.5.  Only an increasingly small subset of the settings are truly “hardening”.  It’s mostly about configuration and auditing of settings.

Review, Change, Repeat

One of the things I always heard from customers over the years is “Why can’t you ship things secure out of the box”. While we are moving in that direction for those settings we can set, one thing to note is that 65% of today’s guide contain settings that VMware can not set for you or settings that we have already set that should be audited to check to see if the default value has been changed.

Every release we (myself and engineers) review all the settings and “clean house”. Everything is questioned. I started this review process for the 6.0 release and quite frankly, it upset a few apple carts. The guide at that time had grown like a set of firewall rules. As the guide grew over the years, nobody wanted to change anything because they didn’t know what the fallout would be. In my opinion, that is NOT a way to run your security operations. Security in this era DEMANDS that you always question the status quo.

To learn more about the changes in 6.0, I highly recommend you read this blog and the blogs it references. (1st & 2nd)

Because of this review process, we are making great progress towards shipping  “secure by default” and that effort will  be ongoing .

Continue reading

vSphere 6.5 Security Configuration Guide (Hardening Guide) Release Candidate

Security Configuration Guide? What’s that you ask? That’s what used to be called the vSphere Hardening Guide. Well, I didn’t come up with that name, folks who created it many, many years ago called it that. But like everything else in this world, change comes and change is good.

Continue reading

PowerCLI for VM Encryption

Hi everyone,

I’m happy (ok, beyond happy!) to announce that our VM Encryption engineering team has released a PowerCLI module for VM Encryption! In case you weren’t aware, there’s a Github repository of VMware PowerShell modules. Check them out!

Included in there is the new PowerCLI Module for VM Encryption. It’s chock full of lots of great cmdlets and new VI Properties that make your day to day management of vSphere 6.5 VM Encryption easier to automate. The goal here is to help you operationalize security as easily as possible. If you can’t make security easy to incorporate into your day to day operations then people will find a way to not do it.

Encrypting a VM shouldn’t mean having to manage an encryption solution IN the VM. It should be as simple as “Get-VM” and piping that to “Enable-VMEncryption”, right? Well, with VM Encryption it IS! Let’s take a look.

Continue reading