VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.3

blueprint, study guide, VCP6-DCV
In this post we will follow the guideline from the VMware VCP6-DCV blueprint. Below are the objectives for this post, taken from the VMware site: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64180&ui=www_cert
Knowledge: Describe SSO architecture and components; Differentiate available authentication methods with VMware vCenter; Perform a multi-site SSO installation; Configure/Manage Active Directory Authentication; Configure/Manage Platform Services Controller (PSC); Configure/Manage VMware Certificate Authority (VMCA); Enable/Disable Single Sign-On (SSO) Users; Upgrade a single/multi-site SSO installation; Configure SSO policies; Add/Edit/Remove SSO identity sources; Add an ESXi Host to an AD domain.
Describe SSO architecture and components: vCenter Single Sign-On is an authentication broker and security token exchange infrastructure. vCenter SSO is part of the Platform Services Controller (PSC). vCenter SSO roles: allow vSphere components to communicate securely; use a combination of STS and SSL for secure traffic and user authentication via AD or LDAP via…

VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.2 – Part 2

blueprint, study guide, VCP6-DCV
In this post we will continue to follow the guideline from the VMware VCP6-DCV blueprint. This post will include only some of the objectives, and I will continue in the next post. The objectives for this post are taken from the VMware site: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64180&ui=www_cert
Harden a virtual machine against Denial-of-Service attacks
Control VM-VM communications: In this section I think that VMware refers to networking security, since VMs can communicate via the local network. For this section I looked at the VMware Security document and also the Security of the VMware vSphere Hypervisor white paper, which is listed in the blueprint tools.
From the whitepaper: "Just as a physical machine can communicate with other machines in a network only through a network adapter, a virtual machine can communicate with other virtual machines running…

VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.2 – Part 1

blueprint, study guide, VCP6-DCV
In this post we will follow the guideline from the VMware VCP6-DCV blueprint. This post will include only some of the objectives, and I will continue in the next post. Below are the objectives for this post, taken from the VMware site: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64180&ui=www_cert
Knowledge: Harden virtual machine access; Control VMware Tools installation; Control VM data access; Configure virtual machine security policies; Harden a virtual machine against Denial-of-Service attacks; Control VM-VM communications; Control VM device connections; Configure network security policies; Harden ESXi Hosts; Enable/Configure/Disable services in the ESXi firewall; Change default account access; Add an ESXi Host to a directory service; Apply permissions to ESXi Hosts using Host Profiles; Enable Lockdown Mode; Control access to hosts (DCUI/Shell/SSH/MOB); Harden vCenter Server; Control datastore browser access; Create/Manage vCenter Server Security Certificates; Control MOB access; Change default…

VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.1 – Part 2

blueprint, study guide, VCP6-DCV
In this post we are going to continue with section 1, Objective 1.1, from the VCP-DCV blueprint.
Create/Clone/Edit vCenter Server Roles: From Home, click on Roles. You can create/clone/edit server roles, but you cannot modify the Administrator/Read Only/No access and Tagging admin; the rest can be modified.
Configure VMware Directory Service: see my post regarding adding vCenter to AD: http://vpentathlon.com/joining-vcenter6-to-my-lab-active-directory/
Apply a role to a User/Group and to an object or group of objects: nothing new from the previous post about permissions.
Change permission validation settings: That was tricky to find :-). I looked at the VMware doc and it is not pointing to the right place. vCenter Server periodically validates its user and group lists against the users and groups in the user directory. It then removes users…

VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.1 – Part 1

blueprint, study guide, VCP6-DCV
In this post we will follow the guideline from the VMware VCP6-DCV blueprint. This post will include only some of the objectives, and I will continue in the next post. Below are the objectives for this post, taken from the VMware site: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64180&ui=www_cert
Objective 1.1: Configure and Administer Role-based Access Control: Compare and contrast propagated and explicit permission assignments; View/Sort/Export user and group lists; Add/Modify/Remove permissions for users and groups on vCenter Server inventory objects; Determine how permissions are applied and inherited in vCenter Server; Create/Clone/Edit vCenter Server Roles; Configure VMware Directory Service; Apply a role to a User/Group and to an object or group of objects; Change permission validation settings; Determine the appropriate set of privileges for common tasks in vCenter Server; Compare and contrast default system/sample roles; Determine the correct permissions…