image_pdfimage_print

Setting up vSphere encryption

Starting from vSphere 6.5, vSphere supports VM encryption. for that a Key Management Server is required. Once a virtual machine is encrypted, vSphere needs somewhere to save the decryption key and for that it uses the KMS.VMware officially supports the use of 12 KMS products with vSphere. 

https://www.vmware.com/resources/compatibility/search.php?deviceCategory=kms&details

The above list is of products which have been specifically tested and certified by VMware.

After choosing the KMS solution, the appliance can be easily deployed through OVF Template.

Upon the successful deployment, You will now be shown the IP address of the KMS.

Then, you can do the rest configurations using the web browser.

Finally, you need to setup a secure two-way trust (default method is to use Certificates) between vSphere and the KMS. Once this trust has been established the full suite of vSphere encryption features will become available.

You will now be asked to upload a KMS Certificate and a KMS Private Key file. This is the certificate we created. Open the downloaded .ZIP file and you will see two .PEM files. Ignore the ‘cacert.pem’ file, instead use the .PEM file with the name you decided earlier.

Lastly, click establish trust.

Once all the above tasks are completed, you may get the chance to encrypt the desired VMs.

Within vCenter right-click on a virtual machine that you intend to encrypt, expand VM Policies and then select Edit VM Storage Policies, also make sure to change this to VM Encryption Policy. Once done select OK.

Operating System, Application and Network Hardening Resources

Information Technology is becoming more challenging these days, hence IT Security is a key area when it comes to Operating Systems, Applications and Networking.

The process of securing an operating system is referred to as “hardening” or at times as “lock down” It is important to an organization’s security because it reduces the chances of attack. Issues come up because various operating systems require different hardening processes within a data center. For example, a system administrator may have deep expertise in one operating system but may possess limited or even no expertise with the other operating systems. System administrators also have a task of ensuring that each server remains locked down consistently to avoid vulnerabilities.

Most of the IT Administrators will have difficulties finding the properly defined set of Hardening guides. To overcome the such issues, Center for Internet Security (CIS) has published well defined and detailed hardening guides to the public (FREE). 

https://nvd.nist.gov/ncp/repository

With the above repository, you will get the change to download all the hardening guides on Windows OS, Mac OS, Linux OS, Applications, Network devices & etc.

For the ease of access, i have attached two common hardening guides as below;