In today's digital landscape, security must be the top priority for every company. Threats are ubiquitous, including within your own internal environment, and exploit techniques are becoming increasingly sophisticated. So, how can you keep your environment secure and compliant amidst these evolving challenges?
Fortunately, VMware Aria Operations offers built-in compliance mechanisms to monitor your environment against VMware and industry best-practice benchmarks and to remediate deviations from them. These benchmarks include CIS, DISA, HIPAA, PCI, and more. Additionally, VMware provides the vSphere Security Guide, which outlines best practices for securing your vSphere environment against threats.
Monitoring alone is not sufficient; it's crucial to act swiftly to enforce policies and restore the system to a compliant state. This is where the integration between VMware Aria Operations and VMware Aria Automation Orchestrator proves invaluable, offering out-of-the-box workflows to enforce secure parameters on your systems.
Once you set up the integration between Operations and Orchestrator, the remediation pack becomes available. A master workflow called Apply Host Security Configuration Rules is in charge of enforcing all security parameters; it can be found at: Library/Workflows/vRealize Operations Manager/vSphere Security Configuration Guide.
Tip: If you delete the workflows or they get corrupted, you can easily re-import them.
From Aria Operations, navigate to Environment / Inventory / Adapter Instances / Orchestrator Adapter Instance.
Select your Orchestrator endpoint, click the gear icon, and choose Import Operations Remediation Package to Orchestrator.
Before you begin remediating your platform, you must run the workflow Configure Host Security Config Data, which can be found at: Library/Workflows/vRealize Operations Manager/vSphere Security Configuration Guide/Configuration.
When you execute this workflow, you can opt in to the parameters you want to remediate automatically and disable the ones you don't want to automate. Depending on your selection, additional tabs will become available to include additional settings.
Orchestrator will create a Config Element to store your preferences, which will be used whenever remediation is needed.
The next time you encounter a host system alert based on the vSphere Security Guide Alert, you can simply automate its remediation.
Make sure you have the Alert Id; we will need it later;
Expand the alert and click Apply Host Security Configuration Rules;
Paste the Alert Id and click Begin Action.
Orchestrator will use the Alert Id to call back to Operations and pull the violations that were identified. Based on your preferences, it will then remediate only the violations you enabled for automation.
The crown jewel of this integration is enabling autonomous compliance, where alerts are automatically remediated once a violation is detected. For more details on enabling autonomous remediation, check out my previous post on the topic.