book

VMware vSphere Security Cookbook

Name: VMware vSphere Security Cookbook
Author: Michael Greer
ISBN: 9781782170341

by Michael Greer

November 2014

Intermediate to advanced

334 pages

6h 48m

English

Packt Publishing

Read now

Unlock full access

VMware vSphere Security Cookbook
Table of Contents
VMware vSphere Security Cookbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holdersInstant updates on new Packt books
Preface
What this book covers
What you need for this book
Who this book is for

Conventions
Reader feedback
Customer support
ErrataPiracyQuestions
1. Threat and Vulnerability Overview
Introduction
Risk overview
Understanding defense-in-depth
Hypervisor threats
Hypervisor vulnerabilities
Guest virtual machine threats
Guest virtual machine vulnerabilities
Network threats
Network vulnerabilities
Storage threats
Storage vulnerabilities
Physical threats
Physical vulnerabilities
Security concepts
References
Summary
2. ESXi Host Security
Introduction
Hardening the host via Console
Getting readyHow to do it…How it works…There's more
Hardening the host via vSphere Client
Getting readyHow to do it…How it works…
Configuring host services
Getting readyHow to do it…How it works…
Configuring the host firewall
Getting readyHow to do it…How it works…There's moreTPM encryptionSee also
3. Configuring Virtual Machine Security
Introduction
Configuring administrative access options
Getting readyHow to do it…How it works…
Securing the guest OS
Getting readyHow to do it…Configuring the Windows 7 guest OS securityGetting readyHow to do it…How it works…Configuring the Windows Server 2008 R2 guest OS securityGetting readyHow to do it…How it works…There's more...Virtual machine antivirusFirewallsSee also
Guest virtual machine hardening
Getting readyHow to do it…Remove unnecessary virtual hardwareUnexposed featuresRestricting data between the host and guestRestricting commandsLimiting the guest OS writes to the host memoryHow it works…See also
Configuring virtual machine resource isolation
Getting readyHow to do it…How it works…
Configuring the standard image templates
Getting readyHow to do it...How it works...
Managing snapshots
Getting readyHow to do it...How it works...See also
4. Configuring User Management
Introduction
Configuring vCenter Single Sign-On
Getting readyHow to do it…How it works…
Managing Single Sign-On users with vSphere Web Client
Getting readyHow to do it…How it works…
Configuring Active Directory integration
Getting readyHow to do it…How it works…
Managing Active Directory users and groups
Getting readyHow to do it…How it works…
Assigning permissions
Getting readyHow to do it…How it works…
Assigning administrative roles
Getting readyHow to do it…How it works…See also
5. Configuring Network Security
Introduction
Configuring Standard vSwitch security
Getting readyHow to do it…How it works…
Configuring the port group security
Getting readyHow to do it…How it works…
Configuring VLANs
Getting readyHow to do it…How it works…
Creating DMZ networks
Getting readyHow to do it…How it works…
Providing Distributed vSwitch security options 
Getting readyHow to do it…How it works…
Configuring PVLANs
Getting readyHow to do it…How it works…See also
6. Configuring Storage Security
Introduction
Configuring network isolation
Getting readyHow to do it…How it works…
Configuring iSCSI security
Getting readyHow to do it…How it works…
Configuring Header and Data Digest
Getting readyHow to do it…How it works…There's more…Configuring the Fibre Channel securitySee also
7. Configuring vShield Manager
Introduction
Installing vShield Manager OVA
Getting readyHow to do it…How it works…
Configuring vShield Manager settings
Getting readyHow to do it…How it works…
Adding vShield licensing to vCenter
Getting StartedHow to do it…How it works…
Configuring SSL Security for Web Manager
Getting readyHow to do it…How it works…
Configuring Single Sign-On
Getting readyHow to do it…How it works…
Configuring user accounts and roles
Getting readyHow to do it…How it works…
Configuring services and service groups
Getting readyHow to do it…How it works…
8. Configuring vShield App
Introduction
Installing vShield App
Getting readyHow to do it…How it works…
Configuring vShield App using the Web Console
Getting readyHow to do it…How it works…
Configuring vShield App Flow Monitoring
Getting readyHow to do it…How it works…
Configuring vShield App Firewall
Getting readyHow to do it…How it works…
Configuring vShield App SpoofGuard
Getting readyHow to do it…How it works…
9. Configuring vShield Edge
Introduction
Installing vShield Edge
Getting readyHow to do it…Configuring the Edge applianceConfiguring Edge interfacesHow it works…
Managing appliances
Getting readyHow to do it…How it works…
Managing interfaces
Getting readyHow to do it…How it works…
Managing certificates and revocation lists
Getting readyHow to do it…How it works…See also
Managing firewall rules
Getting readyHow to do it…How it works…
Managing NAT rules and static routes
Getting readyHow to do it…How it works…
Managing the IPSec VPN service
Getting readyHow to do it…How it works…
Managing SSL VPN-Plus
Getting readyHow to do it…Configuring the IP poolConfiguring private networksConfiguring authenticationConfiguring an installation packageHow it works…
Configuring the load-balancing service
Getting readyHow to do it…How it works…
10. Configuring vShield Endpoint
Introduction
Installing vShield Endpoint
Getting startedHow to do it…How it works…
Configuring vShield Endpoint using an antivirus
Getting startedHow to do it…How it works…
11. Configuring vShield Data Security
Introduction
Installing vShield Data Security
Getting readyHow to do it…How it works…
Configuring the vShield Data Security policies
Getting readyHow to do it…How it works…
Managing vShield Data Security reports
Getting readyHow to do it…How it works…
12. Configuring vSphere Certificates
Introduction
Configuring a Windows CA template
Getting startedHow to do it…How it works…See also
Requesting certificates from a Windows CA
Getting startedHow to do it…How it works…
Using SSL Certificate Automation Tool 5.5
Getting startedHow to do it…How it works…There's more…
Process certificate requests
Getting startedHow to do it…How it works…
Registering the Single Sign-On certificate
Getting startedHow to do it…How it works…
Registering the Inventory Service certificate
Getting startedHow to do it…How it works…
Registering the vCenter certificate
Getting startedHow to do it…How it works…
Registering the Web Client certificate
Getting startedHow to do it…How it works…
Registering the Log Browser certificate
Getting startedHow to do it…How it works…
Registering the Update Manager certificate
Getting startedHow to do it…How it works…
Installing an ESXi host certificate
Getting startedHow to do it…How it works…
13. Configuring vShield VXLAN Virtual Wires
Introduction
Prerequisites for configuring VXLAN virtual wires
Getting startedHow to do it…Ensuring the Managed IP address of vCenter is setEnsuring DHCP availabilitySetting a multicast address range and segment ID poolSetting up network connectivity for VXLAN trafficVerifying the distributed switch MTU settingHow it works…There's more
Configuring VXLAN virtual wires
Getting startedHow to do it…Adding a VXLAN network scopeAdding a VXLAN virtual wireConnecting a VXLAN virtual wire to vShield EdgeEnabling services for the VXLAN virtual wireConnecting a virtual machine to a VXLAN virtual wireHow it works…
Testing VXLAN virtual wires
Getting startedHow to do it…How it works…There's more
Configuring firewall rules for VXLAN virtual wires
Getting startedHow to do it…How it works…See also
Index

Content preview from VMware vSphere Security Cookbook

Registering the Single Sign-On certificate

The Single Sign-On certificate needs to be bound to the corresponding service in order for the neighboring services to trust the service and not prompt for verification. The default certificate is self-signed and not trusted by any remote machine.

Getting started

In order to proceed, we require access to the directory that holds the certificate and private key that were generated as a result of the certificate request completed earlier. In our example, the certificates are located in the C:\Certificates\SSLTool\requests\<service name> folder.

Ensure that the command prompt account has administrative access to the vCenter and local servers.

How to do it…

Perform the following steps:

Open a command prompt on ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781782170341

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design