VMware vSphere 5.5 Update 1 Hardening Guide

VMware vSphere 5.5 Update 1 Hardening Guide

Mike Foley announced on VMware blog that vSphere 5.5 Update 1 Hardening Guide is released.

There are 4 new additions to the guide:

  • enable-VGA-Only-Mode: Used for server VM’s that don’t need a graphical console. e.g. Linux web servers, Windows Core, etc.
  • disable-non-essential-3D-features: Remove 3D graphic capabilities from VM’s that don’t need them.
  • use-unique-roles: A new companion control to use-service-accounts. If you have multiple service accounts then each one should have a unique role with just enough privs to accomplish their task. This is in line with least-priv operations
  • change-sso-admin-password: A great catch. When installing Windows vCenter, you’re prompted to change the password of administrator@vsphere.local. When installing the VCSA in a default manner you are not. This control reminds you to go back and do that.

The rest are formatting, spelling, clarification, etc.. One interesting change is the “enable-nfc-ssl” control. That has been renamed to “verify-nfc-ssl” now that SSL is enabled by default in 5.5 for NFC traffic. All of the changes are called out in the Change Log.

You can download it from here http://www.vmware.com/files/xls/HardeningGuide-vSphere5-5-Update-1-GA.xlsx