vSphere Hardening Guide is one of my favorite reference to configure my vSphere environment. VMware Released GA version of vSphere 5.5 Update 1 Hardening Guide on 6-June-2014. It gives Complete list of security settings to configure your vSphere components secure to comply with various standards like PCI. This guide covers the security settings for Virtual Machines,ESXi host, vNetwork, vCenter Server, vCenter Update Manager, SSO, WebClient and VCSA. Security Hardening Guides provide prescriptive guidance for customers on how to deploy and operate VMware products in a secure manner. Guides for vSphere are provided in an easy to consume spreadsheet format, with rich metadata to allow for guideline classification and risk assessment.
There are 5 New additions to vSphere 5.5 Update 1 Hardening Guide.
Enable-VGA-only-Mode : Many Server-class virtual machines need only a standard VGA console (typically a Unix/Linux server system). Enabling this setting removes additional unnecessary functionality beyond disabling 3D.
Disable-non-essential-3D-features : It is suggested that 3D be disabled on virtual machines that do not require 3D functionality, (e.g. server or desktops not using 3D applications).
Verify-nfc-ssl : NFC (Network File Copy) is the name of the mechanism used to migrate or clone a VM between two ESXi hosts over the network. By default, SSL is enabled for provisioning (clone and migrate) NFC data traffic.
Use-unique-roles : In order to maintaine least privlege access and as a compainion guideline with using unique service accounts, creating a specific role for each of those accounts is recommended
change-sso-admin-password : The vCenter Server Appliance (VCSA) during SSO configuration sets the default password of administrator@vsphere.local to a default value automatically if you select “Default Configuration”. The password must be changed manually. Windows SSO prompts during install for a default password. VCSA only prompts when using a “Custom Configuration”. This does not apply to Windows SSO installations as those are prompted for a password during installation.
Apart from the 5 New additions, changes to 20 items and 3 items are removed from the existing version of vSphere Hardening Guide. Download the vSphere Hardening Guide .
I hope this is informative for you. Thanks for Reading!!. Be Social and share it in social media, if you feel worth share it .