VCAP-DCV Deploy Objective 8.3


In this section we are going to cover “Harden a vSphere 6.x Deployment”.

Here are the objectives from the blueprint:

  • Enable and configure ESXi Lockdown mode (Strict / Normal)
  • Configure a user on the Lockdown Mode Exception Users list
  • Customize SSH settings for increased security
  • Enable strong passwords and configure password policies
  • Configure vSphere hardening of virtual machines according to a deployment plan

Lab Setup:

Using VMware Workstation:

  • Microsoft Servers 2012R2 for Services (DNS, DHCP, etc.)
  • Installed esx0
  • Installed VCSA

Documents used:

  • vSphere Security Guide

Enable and configure ESXi Lockdown mode (Strict / Normal):

To configure Lockdown mode on an ESXi host, click the host >> Manage >> Settings >> Security Profile >> Lockdown Mode >> Edit.


Configure a user on the Lockdown Mode Exception Users list:

In the same location as above, you can add exception users.

Customize SSH settings for increased security:

You can enable or disable SSH on your host via the UI or the DCUI.

To keep authorized (SSH) keys disabled, monitor the contents of the /etc/ssh/keys-root/authorized_keys file to ensure that no users are allowed to access the host without proper authentication.
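One way to do this monitoring from a shell, as an added example that is not part of the original post: the function names, the `--audit` switch and the script name `audit_keys.sh` are hypothetical, and it assumes the shell provides `awk`. It lists every key entry (including entries prefixed with options such as `from=`) and returns non-zero when any are present.

```shell
#!/bin/sh
# Added example: audit an SSH authorized_keys file for key entries.
# Default path is the ESXi root key file named in the post.
KEYFILE_DEFAULT="/etc/ssh/keys-root/authorized_keys"

# Print one line per key entry: "<line-no> <key-type> <comment>".
# Blank lines and comment lines are skipped. The key type is found by
# scanning fields, so entries that start with options are still reported.
list_keys() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$/) {
                    c = ""
                    for (j = i + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
                    if (c == "") c = "(no comment)"
                    print NR, $i, c
                    next
                }
            }
            # Non-empty line without a recognizable key type: flag for review.
            print NR, "UNPARSED", "(check manually)"
        }
    ' "$1"
}

# Return 0 when the file is absent, empty or holds no entries; 1 otherwise.
audit_authorized_keys() {
    file="${1:-$KEYFILE_DEFAULT}"
    entries=""
    if [ -s "$file" ]; then
        entries=$(list_keys "$file")
    fi
    if [ -z "$entries" ]; then
        echo "OK: no authorized keys in $file"
        return 0
    fi
    echo "FINDING: key entries in $file (line, type, comment):"
    echo "$entries"
    return 1
}

# Run the audit only when invoked as: sh audit_keys.sh --audit [file]
if [ "${1:-}" = "--audit" ]; then
    audit_authorized_keys "${2:-}"
fi
```
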

 

Configure vSphere hardening of virtual machines according to a deployment plan:

See my previous post:

VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.2 – Part 1

 

Thanks for reading

Mordi.

 
