Thursday, November 8, 2012

Free Compliance Check Tool for vSphere

You guys out there, dealing with compliance, regulation and audits know how hard is to keep the environment compliant.

Since vSphere 4.0, VMware provides Hardening Guides containing best practices and detailed description of security vulnerabilities, threat severity, risk mitigation techniques for fixing the vulnerability and securing the system.

Despite the fact you do an amazing job keeping all hosts secure, mysteriously, some times you found one or two items not compliant ; )
Doing a manual check for every host is a hard task, thinking about it VMware released VMware vCenter Configuration Manager FreeCompliance Checkers.

And as you can image by it’s name, it’s a FREE tool.

The tool allows you to scan your environment checking against few guidelines:
  • VMware HIPAA Compliance Checker for Windows and Linux
  • vSphere 5.0 VMware Hardening Guidelines
  • vSphere 4.1 VMware Hardening Guidelines
  • vSphere 4.0 VMware Hardening Guidelines
  • PCI 2.0 Compliance Guideline

The installation procedure is pretty straight for, just download it and NEXT, NEXT, FINISH.
The only caveat is the installer does not search for the presence of java, so if it’s not installed on the default location, change the address during installation to point to the correct location.

 Once it’s installed you can point to your vCenter, type your username and password and hit “Assess Compliance”.

When it’s done it will automatically open a nice HTML report with the findings.

You can also expand the items to learn a little more about that specific finding.

As it’s a free tool there’s expected some limitations : (

If you need something more robust or If you need adjustments to include your own policies, or checking against Industry and regulatory mandates such as Sarbanes-Oxley (SOX), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA) and Federal information Security Act (FISMA),  VMwarevCenter Configuration Manager is the tool for the job, you definetely should take a look at it.

I’m heading out now, I have a few items to correct on my own environment.

Good luck.

1 comment:

Unknown said...

Nice Stuff.. vSphere and wmvare are very interesting topic because It is the pioneer in the world of virtualization, most companies turn to its virtual machine solutions. VMware not only allows you up to 80% utilization of each server, it also offers a bagful of Virtual machine tools to make sure your virtual machines are up and running.

I am Started Using Scalable monitoring engine which unifies performance data from all the sources including VMware esx server.
- vmware performance monitoring
Thanks for such a good post.

Post a Comment

Who am I

My photo
I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and make them successfully on their journey. Despite the fact I'm a VMware employee these postings reflect my own opinion and do not represents VMware's position, strategies or opinions. Reach me at @dumeirell

Most Viewed Posts

Blog Archive