Information Technology Reference
In-Depth Information
Chapter 8
Securing VMware vSphere
On a scale of 1 to 10 in importance, security always rates close to a 10 in setting up and man-
aging a vSphere environment. Well, maybe not—but it should. Even though VMware has
increased the capabilities and features that come with its products, these same products and
features must i t within the security policies applied to other servers. Most of the time, ESXi and
vCenter Server i t easily and nicely within those security policies, but sometimes the process is a
bit of a challenge. This chapter examines the tools and techniques that will help you ensure that
your vSphere environment appropriately follows the security policies of your organization.
In this chapter, you will learn to
Coni gure and control authentication to vSphere
◆
Manage roles and access controls
◆
◆
Control net work access to services on ESXi hosts
Integrate with Active Directory
◆
Overview of vSphere Security
As with most other areas of security within information technology, securing a vSphere envi-
ronment means securing all the different components of vSphere. Specii cally, securing vSphere
means securing the following components:
The ESXi hosts
◆
vCenter Server
◆
The VMs, specii cally the guest operating systems (guest OSes) running inside the VMs
◆
◆
The applications running in the VMs
In this chapter we'll discuss the security considerations for the vSphere components: the
ESXi hosts, Single Sign-On, vCenter Server, and the guest OSes running in your VMs. Each of
these components has its own unique set of security challenges, and each has different ways
of addressing those security challenges. For example, ESXi has a different set of security chal-
lenges than the Windows-based vCenter Server or the Linux-based vCenter Server virtual
appliance. We won't address how to secure the applications within your VMs because that task
falls well outside the scope of this topic. We do encourage you, however, to be sure to keep
application-level security in mind as you work toward securing your vSphere environment.
