This document is the official release of the vSphere 4.1 Security Hardening Guide. This version is based on feedback collected during the public draft comment period. We will still be collecting feedback on this document — if there are any typos, errors, or changes, please add them to the comments below.
This set of documents provides guidance on how to securely deploy VMware® vSphere™ 4.1 (“vSphere”) in a production environment. The focus is on initial configuration of the virtualization infrastructure layer, which covers the following:
- The virtualization hosts (both VMware ESX® 4 and VMware ESXi™ 4)
- Configuration of the virtual machine container (NOT hardening of the guest operating system (OS) or any applications running within)
- Configuration of the virtual networking infrastructure, including the management and storage networks as well as the virtual switch (but NOT security of the virtual machine’s network)
- VMware vCenter™ Server, its database and client components
- VMware Update Manager (included because the regular update and patching of the ESX/ESXi hosts and the virtual machine containers are essential to maintaining the security of the environment)
The following are specifically out of scope and are NOT covered:
- Security of the software running inside the virtual machine, such as OS and applications, and the traffic traveling through the virtual machine networks
- Security of any other add-on products, such as SRM
- Detailed operational procedures related to maintaining security, such as event monitoring, auditing and privilege management. Guidance is provided on general areas in which to perform these important tasks, but details on exactly how to perform them are out of scope.
Download: http://communities.vmware.com/docs/DOC-15413