
Verify Security Hardening of vSphere 5

At the moment there is no security hardening guide for vSphere 5, and the vSphere Compliance Checker is not compatible with vSphere 5 either. Both will eventually be updated, but until then, what can you do to ensure that your hardening configuration has been applied correctly? The answer is to run the VMware vSphere Security Hardening Report Check Script developed by William Lam. However, to make it work with vSphere 5, a slight modification is necessary.

The script itself can be obtained from the VMware Communities Web Site at http://communities.vmware.com/docs/DOC-11901. The site also contains usage instructions and a lot of good comments and feedback. You can execute the script from any system that has the Perl SDK installed, which includes the vSphere Management Appliance (vMA).

To get the script to work against vSphere 5 hosts, a quick modification of the script is required. Update the script as follows:

from: @supportedApiVer = qw(4.0.0 4.1.0);
to:   @supportedApiVer = qw(4.0.0 4.1.0 5.0.0);
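
One way to apply and confirm this edit from the vMA shell, as an added example that is not part of the original post or of William Lam's script. The function name, return codes and the `.orig` backup suffix are assumptions; the path to your downloaded copy of the script is passed as the argument.

```shell
#!/bin/sh
# Added example (not from the original post): apply the one-line
# @supportedApiVer change, keep a backup, and confirm the result.
# No script filename is assumed; the caller passes the path.

# patch_supported_api_ver FILE
#   0 = patched now, or 5.0.0 was already listed (safe to re-run)
#   1 = file missing/unreadable, or backup/rewrite failed
#   2 = the 4.x line shown in the post was not found exactly once
patch_supported_api_ver() {
    file=$1
    [ -r "$file" ] || return 1

    # Already patched? 5.0.0 appears inside the qw(...) list.
    if grep -Eq '@supportedApiVer[[:space:]]*=[[:space:]]*qw\([^)]*5\.0\.0[^)]*\)' "$file"; then
        return 0
    fi

    # Refuse to edit unless the original line occurs exactly once,
    # so a differently laid out script is never silently modified.
    old='@supportedApiVer[[:space:]]*=[[:space:]]*qw\(4\.0\.0[[:space:]]+4\.1\.0\)'
    count=$(grep -Ec "$old" "$file" || true)
    [ "$count" -eq 1 ] || return 2

    # Keep the unmodified script next to the patched one.
    cp -p "$file" "$file.orig" || return 1

    # Append 5.0.0 to the supported API version list.
    sed 's/\(@supportedApiVer[[:space:]]*=[[:space:]]*qw(4\.0\.0[[:space:]][[:space:]]*4\.1\.0\))/\1 5.0.0)/' \
        "$file.orig" > "$file" || return 1

    # Confirm the list now reads 4.0.0 4.1.0 5.0.0.
    grep -Eq '@supportedApiVer[[:space:]]*=[[:space:]]*qw\(4\.0\.0[[:space:]]+4\.1\.0 5\.0\.0\)' "$file" || return 2
}

# Usage: patch_supported_api_ver /path/to/downloaded/script.pl
```

The change only lifts the script's API version gate; the checks it runs are still those of the vSphere 4.x guide.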

The output is an HTML report that compares the environment's configuration against the vSphere 4.x Security Hardening Guide. The vSphere 4.x hardening guide is a good starting point even on vSphere 5.0.

A big thanks to Andy Morse at Datacom New Zealand for providing this information and bringing this to my attention.

This post first appeared on the Long White Virtual Clouds blog at longwhiteclouds.com, by Michael Webster. Copyright © 2012 – IT Solutions 2000 Ltd and Michael Webster. All rights reserved. Not to be reproduced for commercial purposes without written permission.

  1. Mark
    February 29, 2012 at 12:47 am | #1
    • February 29, 2012 at 12:50 am | #2

      Yes, quite sure. The security guide is not the same thing as the hardening guide. If you refer to the 4.1 Hardening Guide you will see the difference I'm talking about. Given that I'm contributing to the v5 guide, I know it doesn't exist and is not public yet.

  2. Alan Howie
    April 5, 2012 at 10:58 am | #3

    Do you know when the v5 guide will be available?

    • April 5, 2012 at 11:41 am | #4

      Hi Alan, I hear it will be very shortly. But I don't have an exact date I can share. I will be posting a blog article as soon as it is publicly available.
