Great news for all you VMware architects and administrators out there! VMware have just made available the final release of the VMware vSphere hardening guide for download. This is a must read in my opinion as it provides some excellent tips and best practices that can easily be applied to your vSphere environment.
The guide is split into the following logical topic areas; Virtual Machine, ESX/ESXi Host, vNetwork, vCenter and Console Operating System (COS). As mentioned on the hardening guide’s announcement page here, this vSphere version of the guide has the following “highlights”:
Structure: this version uses a standardized format, with formally defined sections, templates, and reference codes. The goal is to increase clarity and reduce ambiguity, make it easier to reference individual guidelines, and most of all, enhance the ability to automate guideline enforcement.
Recommendation levels: in following with the formats used by NIST, CIS, and others, this guide categorizes all guidelines into three security levels. Instead of recommending a single set of guidelines for all environments, this guide encourages more of a risk-based approach, so that individual administrators can decide which guidelines apply to their environment.
The vSphere hardening guide can be download from the VMware Security Team’s blog here.