Virtualization Technology News and Information
VMware Releases vSphere 4.0 Hardening Guide

A couple of months ago, VMware announced a new security and vSphere 4.0 hardening guide draft that the community flocked to for information.  And with community help and involvement, the draft was updated and released today as a 1.0 document.  And the PDF is being offered back to the community as a free download.  This document is a great example of collaboration between VMware and its user base, with more than 100 guidelines being offered to the general public in order to properly secure and harden their vSphere 4.0 environment. 

The guide has the following highlights.

  • Structure: this version uses a standardized format, with formally defined sections, templates, and reference codes.  The goal is to increase clarity and reduce ambiguity, make it easier to reference individual guidelines, and most of all, enhance the ability to automate guideline enforcement.
  • Recommendation levels: in following with the formats used by NIST, CIS, and others, this guide categorizes all guidelines into three security levels.  Instead of recommending a single set of guidelines for all environments, this guide encourages more of a risk-based approach, so that individual administrators can decide which guidelines apply to their environment.


The major sections of the guide include:

  • Introduction
  • Virtual Machines
  • Host (both ESXi and ESX)
  • vNetwork
  • vCenter
  • Console OS (for ESX only)


The Introduction section describes the scope, structure, recommendation levels, and other aspects of the guide in more detail.  Please read this section first before diving into the rest of the guide, as it provides important context.

VMware stated, "Although this version of the guide can be considered as "final" and appropriate for use in production environments, we recognize that there is always room for improvement.  We will continue to welcome comments and corrections on this guide, and we will publish updated versions of the guide from time to time as feedback is accumulated.  This feedback of course will also be incorporated into the hardening guide for future releases of vSphere."

The vSphere 4.0 Hardening Guide has been posted to the VMware Communities in the "Security and vShield Zones” area, in the Documents tab.  Please provide feedback in the Comments area.

Published Tuesday, April 20, 2010 6:16 AM by David Marshall
Twitter Trackbacks for VMware Releases vSphere 4.0 Hardening Guide : - Virtualization Technology News and Information for Everyone [] on - (Author's Link) - April 20, 2010 8:49 AM
vSphere Hardening Guide – Upland Strategy Group, LLC - (Author's Link) - April 22, 2010 7:09 AM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2010>