The VMware vSphere 5.5 Hardening Guide is now available for download. If you’re thinking about, or have already, updated your VMware vSphere infrastructure to v5.5 then I recommend you take a look and familiarise yourself with this informative security hardening guide. It is full of useful vulnerability avoidance know-how and contains best practices around the following vSphere products:
– Virtual Machines
– ESXi hosts
– Virtual Network
– vCenter Server plus its database and clients.
– Common vCenter and Windows specific guidance is here.
– vCenter Web Client
– vCenter SSO Server- vCenter Virtual Appliance (VCSA) specific guidance
Each best practice entry is rated with one or more of the following three ‘profiles’ so you know which hardening best practices should be implemented for your particular VMware infrastructure to best meet requirements:
Risk Profile 3: guidelines that should be implemented in all environments
Risk Profile 2: guidelines that should be implemented for more sensitive environments, e.g. those handling more sensitive data, those subject to stricter compliance rules, etc.
Risk Profile 1: guidelines that only be implemented in the highest security environments, e.g. top-secret government or military, extremely sensitive data, etc.
If you’re not 100% comfortable in rolling out one or more of any of the security hardening recommendations in the guide then definitely look at familiarising yourself with it in your work or home vSphere lab first – one of the many justifications for running my own home vSphere lab.
Download the VMware vSphere 5.5 Hardening Guide:
Click here to download the VMware vSphere 5.5 Hardening Guide.
Thanks to Mike Foley in his blog post, which can be found here, who informed me about this latest release.