You guys out there dealing with compliance, regulation and audits know how hard it is to keep the environment compliant.
Since vSphere 4.0, VMware has provided Hardening Guides containing best practices and detailed descriptions of security vulnerabilities, threat severity, and risk mitigation techniques for fixing the vulnerability and securing the system.
Despite the fact that you do an amazing job keeping all hosts secure, mysteriously, sometimes you find one or two items not compliant ;)
Doing a manual check for every host is a hard task. With that in mind, VMware released the VMware vCenter Configuration Manager Free Compliance Checkers. And as you can imagine from its name, it’s a FREE tool.
The tool allows you to scan your environment, checking it against a few guidelines:
- VMware HIPAA Compliance Checker for Windows and Linux
- vSphere 5.0 VMware Hardening Guidelines
- vSphere 4.1 VMware Hardening Guidelines
- vSphere 4.0 VMware Hardening Guidelines
- PCI 2.0 Compliance Guideline
The installation procedure is pretty straightforward: just download it and NEXT, NEXT, FINISH.
The only caveat is that the installer does not search for the presence of Java, so if it’s not installed in the default location, change the path during installation to point to the correct location.
Once it’s installed you can point to your vCenter, type your username and password and hit “Assess Compliance”.
When it’s done it will automatically open a nice HTML report with the findings.
You can also expand the items to learn a little more about that specific finding.
As it’s a free tool, some limitations are to be expected :(
If you need something more robust, if you need adjustments to include your own policies, or if you need to check against industry and regulatory mandates such as Sarbanes-Oxley (SOX), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA) and Federal Information Security Act (FISMA), VMware vCenter Configuration Manager is the tool for the job. You definitely should take a look at it.
I’m heading out now; I have a few items to correct in my own environment.
Good luck.