VMware creates much needed vSphere 4 security hardening guide

analysis
Feb 1, 2010

VMware takes a new approach to providing customers with security guidance for its cloud virtualization software

Nearly nine months after the announcement of VMware vSphere 4.0, VMware is finally making available a public draft of a security hardening guide that can be used to help securely deploy vSphere in a production environment, with a focus on configuration of the virtualization infrastructure.

With security concerns acting as a major roadblock for many organizations that want to build or expand a public or private cloud for their business, this document is not only timely but also an excellent source of information no matter what stage of the virtualization maturity cycle you happen to be in at the moment.

The guide itself is broken down into five major sections:

  • Virtual Machines — configuring and securing the container itself, not the guest OS or the applications within
  • Host Servers — both ESX and ESXi
  • vNetwork — configuration of the virtual networking infrastructure, including the management and storage networks as well as the virtual switch
  • vCenter — the vCenter server and its database
  • ESX Console OS (COS) — applies only to ESX 4 and not to ESXi 4

Rather than recommend a single set of guidelines for all environment types, the guides offer a risk-based approach to allow administrators to decide which guidelines apply to their own environment.  VMware has created three recommendation levels:

  • Enterprise — recommended for most enterprise production environments and meant to secure against most security attacks to the level required by all major security and compliance standards
  • DMZ — includes environments that are susceptible to targeted attacks such as Internet-facing hosts and internal systems with highly confidential data
  • Specialized Security Limited Functionality (SSLF) — environments that are especially vulnerable to sophisticated attacks

There are over 100 recommendations being offered across all five guides, though they are subject to change. The current version, Rev B, is being offered as a public draft and is still open for suggestions and feedback by the community for approximately one month. This feedback will be incorporated into the next revision, which will be considered the final version. VMware doesn’t expect much to change, however, because this version has already undergone an extensive private review of the initial draft.

So don’t wait. If you are concerned about hardening the security of your VMware vSphere environment, these are the documents for you. VMware has made them available within the VMware Communities Web site under the Documents tab.

This story, “VMware creates much needed vSphere 4 security hardening guide,” was originally published at InfoWorld.com.