When implementing virtualization technology, organizations must ensure that they can continue to maintain a secure environment and meet their compliance obligations. To do so, you will have to evaluate risks that might affect protected information and mitigate those risks through risk-appropriate standards, processes, and best practices.
The draft version of the vSphere 5.1 Hardening Guide provides guidance on how to securely deploy VMware vSphere 5.1 in a production environment. The focus is on initial configuration of the virtualization infrastructure layer, which covers the following:
- The virtualization hosts
- Configuration of the virtual machine container (NOT hardening of the guest operating system (OS) or any applications running within)
- Configuration of the virtual networking infrastructure, including the management and storage networks as well as the virtual switch (but NOT security of the virtual machine’s network)
- VMware vCenter Server, its database and client components
Please provide your feedback in the comments field here.
Public Draft (Revision A) of the vSphere 5.1 Security Hardening Guide
Public Draft (Revision A) of the vSphere 5.1 Security Hardening Guide