Firstly, it’s great to start blogging again, was away for the past few months due to some other commitments (new job + my new born baby) but I’m happy to be back again and all set to start a new blog series on vCenter Configuration Manager. In this blog post series, I will cover the following topics:
Product Overview
- Create an intelligent compliance management solution using vRealize Configuration Manager
- Sizing recommendations & installation Options
- Use Cases for vSphere Infrastructure
- Create Compliance Rules and Remediation
- Generate various Reports from vCM
For now, I will exclude the topics of compliance for physical infrastructure and OS patching.
In this post, let’s cover the vCenter Configuration Manager Product overview. How many of you have heard about this product in the past? I won’t be surprised if most of you say that you have not heard about VCM for various reasons. This is going to be my task for the next few days or may be weeks to share maximum information about VCM.
Let’s discuss, why vCenter Configuration Manager is a MUST HAVE for your IT Infrastructure.
All the CXOs want their IT Infrastructure to be secure to prevent any kind of security breach in their IT Infrastructure. This means one has to be aware about all those possible loop holes that may lead to this breach and one must also know how to take corrective action and continuously monitor the Infrastructure.
Following are the high level steps that one has to perform to ensure that the Infrastructure remains secure.
- Identify the critical systems (servers, virtual machines, applications, datacenters etc.). For example all the resources in the production cluster which have business critical applications installed. For vSphere Infrastructure VMware offers hardening guides for different versions of vSphere. The VMware Security Hardening Guides can be downloaded from http://www.vmware.com/security/hardening-guides.
- Note the different components in the above systems and create compliance & security rules. For example, create rules to ensure that SSH access to the ESXi host is disabled and used only for troubleshooting. Create rules to disable clip board copy/paste using the Virtual Machine remote console and the client system.
- Create a process which checks for the above rules on those critical systems and identifies the non-compliant servers.
- Perform the corrective action plan on those non-compliant servers.
- Create a reporting mechanism which checks all the above information periodically (daily, weekly, monthly) and generates a report that can be easily reviewed.
VMware provides security hardening guides which can help you in defining rules to keep your vSphere Infrastructure secure. These Security Hardening Guides can be accessed from http://www.vmware.com/in/security/hardening-guides. Also note that there are change logs which includes the differences in two versions of vSphere.
All the above tasks when combined together forms a Compliance and Security hardening solution. vRealize Configuration Manager makes it a lot easier to manage all the above tasks but note that it’s not limited only to compliance management you can also do OS provisioning & patching.
vRealize Configuration Manager is part of vRealize Operations Suite and is available in Advanced & Enterprise license
For more information regarding vRealize Operations Suite license options refer to http://www.vmware.com/in/products/vrealize-operations/compare.html.
vRealize Configuration is also available in vCloud Suite for more information refer to http://www.vmware.com/in/products/vcloud-suite/compare.html.