Release: Security Hardening Guide for vSphere 4.1

This is the official security hardening guide from VMware. It helps you configure your VMware vSphere 4.1 infrastructure so that it is protected against all kinds of security risks.

I find these security hardening guides very handy in helping me to understand all the areas that I need to look into to protect my vSphere Infrastructure. I’m not a security expert and most security experts I talk to don’t have enough knowledge of vSphere to give good advice on the best way to protect your vSphere Infrastructure. This document fills the knowledge gap between both areas of expertise.

Note that this is a best practice document. Please read it carefully before implementing all the security configuration items in your vSphere infrastructure. My advice is to use the security guide as the standard and document all the security configuration items that you do not implement in your vSphere infrastructure. Also document why you didn’t implement the recommended security settings. There can be a valid reason for it, but this way you have documented the reason and can always explain your security configuration settings to the security team in the future.

Scope

This set of documents provides guidance on how to securely deploy VMware® vSphere™ 4.1 (“vSphere”) in a production environment. The focus is on initial configuration of the virtualization infrastructure layer, which covers the following:

- The virtualization hosts (both VMware ESX® 4 and VMware ESXi™ 4)
- Configuration of the virtual machine container (NOT hardening of the guest operating system (OS) or any applications running within)
- Configuration of the virtual networking infrastructure, including the management and storage networks as well as the virtual switch (but NOT security of the virtual machine’s network)
- VMware vCenter™ Server, its database and client components
- VMware Update Manager (included because the regular update and patching of the ESX/ESXi hosts and the virtual machine containers are essential to maintaining the security of the environment)

You can download the Security Hardening Guide for vSphere 4.1 over here.

Performance Troubleshooting for vSphere 4.1

VMware released an excellent whitepaper on troubleshooting performance problems in vSphere 4.1. It really is a great resource and starting point for anyone who has performance issues in their vSphere infrastructure.

The steps discussed in the document use performance data and charts readily available in the vSphere Client and esxtop to aid the troubleshooting flows. Each performance troubleshooting flow has two parts:

1. How to identify the problem using specific performance counters.
2. Possible causes of the problem and solutions to solve it.

    Quote from the introduction of the Performance Troubleshooting for vSphere 4.1 whitepaper:

    Performance problems can arise in any computing environment. Complex application behaviors, changing demands, and shared infrastructure can lead to problems arising in previously stable environments. Troubleshooting performance problems requires an understanding of the interactions between the software and hardware components of a computing environment. Moving to a virtualized computing environment adds new software layers and new types of interactions that must be considered when troubleshooting performance problems.

    Proper performance troubleshooting requires starting with a broad view of the computing environment and systematically narrowing the scope of the investigation as possible sources of problems are eliminated. Troubleshooting efforts that start with a narrowly conceived idea of the source of a problem often get bogged down in detailed analysis of one component, when the actual source of problem is elsewhere in the infrastructure. In order to quickly isolate the source of performance problems, it is necessary to adhere to a logical troubleshooting methodology that avoids preconceptions about the source of the problems.

    The document can be found here. Source is the blog post from the VMware VROOOM! Blog.