VMware has released a welcome vSphere 5.0 Security Hardening Guide. Based on feedback from VMware customers and partners, the guide was restructured from the ground up with the following key aspects:
- The guide is being released exclusively in spreadsheet format. Many of you have indicated that, although the accompanying text found in previous versions of the guide is interesting, the specific steps for assessment and remediation of the recommendations are really what matters. Since people often end up putting the guide into spreadsheet format anyway, we figure we'd save you the trouble!
- All guidelines have the same set of metadata, and a new standardized and extensible identification scheme. This will enable customers to more readily adapt the guide to suit their particular environment by selecting the specific guidelines and fields that are of interest to them, and also help them in the generation of standard checklists and similar documents.
- A primary goal for this guide was to enable greater automatability. To this end, the guide includes both assessment and remediation commands for the three main vSphere CLIs: vSphere CLI (vCLI), ESXi Shell, and PowerCLI. References have also been added to sections of the vSphere API documentation that relate to each specific guideline.
- The previous recommendation levels have been replaced by a system using Profiles. This is part of the move towards putting the guide into industry-standard format, a potential benefit that will be fully realized in the future.
The Introduction tab of the guide describes the new naming scheme, structure, recommendation levels, and other aspects of the guide in more detail. Please read this tab first before diving into the rest of the guide, as it provides important context.
The vSphere 5.0 Security Hardening Guide has been posted to the VMware Communities in the "Security and Compliance" area, in the Documents tab.