VMware vSphere security best practices
Minimizing risk and defending the VMware environment against security incidents has to be a priority for every IT admin. Auditing data centers for security can be approached in many ways, from bringing in third-party consultants to the IT floor to the manual and complicated implementation of certification or best-practice audit checklists. VMware vSphere is often implemented with default configurations. And, once deployed, many vSphere data center implementations are not regularly evaluated to determine security weaknesses.
VMware security advisories
VMware Security Hardening Guides were created by VMware experts and provide prescriptive guidance for customers on how to deploy and operate VMware products in a secure manner. As such, they make an ideal checklist for a security audit in a virtualized data center.
Guides for vSphere are normally provided in spreadsheet format, with rich metadata to allow for guideline classification and risk assessment. They also include script examples for enabling security automation. Implementing VMware security best practices is very time-consuming and requires continuous validation of the implementation as the environment configuration changes. The same situation applies to other security guides like GDPR or DISA-STIG. Thankfully, there is a tool which can automate data center security audits and tell admins what to do to improve their security standards.
VMware security best practice automation
One of the Runecast Analyzer features is scanning for security issues and recommendations according to several security profiles. The Analyzer scans VMware vSphere instances, including all the ESXi hosts, vCenter servers and virtual machines. It uses an extensive database of VMware Security Hardening checks, DISA-STIG and best practices which help to implement GDPR. It audits thousands of combinations in the data center environment. The result is a list of the items which still need to be implemented and also those which are already successfully applied. The entire scan doesn't take more than a minute or two and can be scheduled periodically to report on best-practice and security audits of the data center, which helps to catch any misconfigurations.