A comprehensive overview of the VMware Security Hardening Guides, the official documentation for deploying VMware products securely.
Introduction
The Security Hardening Guides provide prescriptive guidance to customers on how to deploy and operate VMware products securely.
VMware Security Hardening Guides
Format and Content
vSphere Guides
The vSphere guides are delivered as spreadsheets (.xlsx) containing:
- Rich metadata for classifying the guidelines
- Risk assessment metrics
- Script examples for security automation
- Comparison documents between versions
Other Products
Guides for other products are provided in PDF or online form, depending on the product.
vSphere Security Configuration Guides
vSphere 6.7 Update 1
The latest version for vSphere 6.7:
vSphere 6.7 Update 1 Security Configuration Guide
Contents:
- ESXi host hardening
- vCenter hardening
- VM security settings
- Network security
- Storage security
vSphere 6.5 Update 1
For older environments:
vSphere 6.5 Update 1 Security Configuration Guide
vSphere 6.5 GA
vSphere 6.5 Security Configuration Guide
vSphere 6.0
Legacy version:
vSphere 6.0 Security Hardening Guide
NSX Security Guide
NSX Security Configuration Guide
NSX Security Configuration Guide
Covers:
- NSX Manager security
- NSX Controllers hardening
- NSX Edge security
- Distributed firewall best practices
- Micro-segmentation guidelines
Other VMware Products
vRealize Suite
vRealize Configuration Manager 5.5: Security Guide (PDF)
vRealize Automation: Documentation Portal
vRealize Operations Manager: Security Documentation
Cloud Director
Cloud Director Security: Security Guide (PDF)
Main Hardening Areas
ESXi Host Security
- Lockdown mode configuration
- SSH/Shell access control
- DCUI access restrictions
- Syslog configuration
- NTP synchronization
- Certificate management
vCenter Security
- Role-based access control (RBAC)
- SSO configuration
- Certificate management
- Database security
- Backup encryption
- Audit logging
VM Security
- VM encryption
- vTPM configuration
- Secure boot
- VM-VM anti-affinity rules
- Resource limitations
- Device restrictions
Network Security
- Private VLANs
- Port security
- Prevention of MAC address changes
- Promiscuous mode control
- Blocking of forged transmits
- Network policy enforcement
Storage Security
- Datastore permissions
- Encryption at rest
- vSAN encryption
- iSCSI CHAP authentication
- FC zoning
Compliance Frameworks
The guides map to compliance standards:
- DISA STIG (Defense Information Systems Agency)
- PCI-DSS (Payment Card Industry)
- HIPAA (Healthcare)
- NIST (National Institute of Standards)
Implementation
Assessment
- Download the relevant guide
- Review the current configuration
- Gap analysis
- Prioritize findings (High/Medium/Low)
Remediation
# Example: PowerCLI script for mass configuration of the ESXi shell timeout
# (600 seconds) on every host; -Confirm:$false suppresses the per-host prompt
Get-VMHost | Get-AdvancedSetting -Name "UserVars.ESXiShellTimeOut" |
Set-AdvancedSetting -Value 600 -Confirm:$false
Validation
- Re-scan against the guide
- Compliance reporting
- Continuous monitoring
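As an added example (not code from the VMware guides or from the original page), the PowerCLI script below carries the three steps above, assessment, remediation and validation, through for a handful of ESXi advanced settings. It assumes an open Connect-VIServer session; the guideline IDs CHK-01 to CHK-04 and every expected value other than the 600-second shell timeout are constructed sample values, not rows from the guide.

```powershell
# Added example, not code from the VMware guides. Assumes an existing PowerCLI
# session (Connect-VIServer) with rights to read and change host settings.

# Constructed guideline rows modelled on the .xlsx guide: an ID, the ESXi
# advanced setting it governs and the expected value. Only the shell timeout
# (600) is taken from this page; the other values are sample values, so read
# the authoritative ones from the guide row for your vSphere version.
$Guidelines = @(
    @{ Id = 'CHK-01'; Setting = 'UserVars.ESXiShellTimeOut';            Expected = 600 }
    @{ Id = 'CHK-02'; Setting = 'UserVars.ESXiShellInteractiveTimeOut'; Expected = 900 }
    @{ Id = 'CHK-03'; Setting = 'Security.AccountLockFailures';         Expected = 5 }
    @{ Id = 'CHK-04'; Setting = 'Security.AccountUnlockTime';           Expected = 900 }
)

function Test-EsxiGuidelineCompliance {
    # Assessment: one result row per host and guideline. With -Remediate the
    # non-compliant settings are corrected; -WhatIf shows what would change.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $VMHost,
        [Parameter(Mandatory)] [hashtable[]] $Guideline,
        [switch] $Remediate
    )
    process {
        foreach ($h in $VMHost) {
            foreach ($g in $Guideline) {
                # A missing setting is itself a finding, so do not throw here.
                $current = Get-AdvancedSetting -Entity $h -Name $g.Setting -ErrorAction SilentlyContinue
                $actual  = if ($current) { $current.Value } else { $null }
                $ok = ($null -ne $actual) -and ("$actual" -eq "$($g.Expected)")
                if (-not $ok -and $Remediate -and $current -and
                    $PSCmdlet.ShouldProcess("$($h.Name): $($g.Setting)", "Set to $($g.Expected)")) {
                    $current | Set-AdvancedSetting -Value $g.Expected -Confirm:$false | Out-Null
                    $actual = $g.Expected; $ok = $true
                }
                [pscustomobject]@{
                    Host = $h.Name; Guideline = $g.Id; Setting = $g.Setting
                    Expected = $g.Expected; Actual = $actual; Compliant = $ok
                }
            }
        }
    }
}
# Assessment: gap report, kept as the compliance record for this run.
$report = Get-VMHost | Test-EsxiGuidelineCompliance -Guideline $Guidelines
$report | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
$report | Export-Csv -Path .\esxi-gap-report.csv -NoTypeInformation

# Remediation: dry run first; drop -WhatIf to apply, then re-run the assessment.
Get-VMHost | Test-EsxiGuidelineCompliance -Guideline $Guidelines -Remediate -WhatIf
```

Re-running the assessment after remediation is the validation step: the second report should contain no rows with Compliant = False for the settings that were changed.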
Automation
PowerCLI Scripts
The guides include PowerCLI examples:
# Enable lockdown mode on every host through its HostSystem managed object
Get-VMHost | ForEach-Object {
    ($_ | Get-View).EnterLockdownMode()
}
vRealize Automation
- Configuration profiles
- Compliance policies
- Auto-remediation workflows
Best Practices
Regular Updates
✅ Re-check the guides at every upgrade
✅ Monitor VMware security advisories
✅ Subscribe to security bulletins
Baseline Configuration
✅ Create security baseline templates
✅ Enforce via Host Profiles
✅ Regular compliance checks
Documentation
✅ Document deviations
✅ Maintain change log
✅ Risk acceptance process
Resources
VMware Security
Community
Training
Notes
⚠️ Testing Required: Always test in a non-production environment
⚠️ Application Impact: Some settings may affect applications
⚠️ Performance: Security settings can have a performance impact
⚠️ Documentation: Document all changes