What is Virtualization and How Do I Audit It? Rick Schnierer and Chris Tennant
|
|
- Logan Murphy
- 8 years ago
- Views:
Transcription
1 What is Virtualization and How Do I Audit It? Rick Schnierer and Chris Tennant Nationwide Insurance
2 Learning Objectives Understand the fundamentals of virtualization and supporting architecture Develop and execute a risk based audit for VMware ESX servers Identifybestpractices for securing VMware ESX servers, access to the management tools, and other key configurations related to virtual servers Leverage the lessons learned from our review and apply this to your environment 2
3 Before We Begin 3
4 Agenda What is it? Why are companies using it? How do you audit VMware? 4
5 Virtualization Defined 5
6 Virtualization Defined Virtualization, in computing, is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources. 6
7 Virtualization Defined 7
8 How about an Analogy? 8
9 Virtualization Architecture 9
10 Why Virtualize? Increase Agility Cost Savings Enables Standardization Virtualize Virtualization: Benefits and Challenges ISACAEmerging Technology White Paper 10
11 Impacts to Governance Improve cost control Improve delivery efficiency Strengthen business continuity SME availability Roles and responsibilities ITGC impacts Virtualization: Benefits and Challenges ISACAEmerging Technology White Paper 11
12 How to Audit VMware? Stti Setting the stage Risks to consider Focus areas Compatibility Change management Patch management Physical access Logical access Segmentation Backup/storage Monitoring/logging 12
13 Setting the Stage Focus 13
14 Setting the Stage At Nationwide zvm vs. VMware Virtualization first direction > 2,000 VMware server instances Hosting Windows and Linux Leveraged by all core businesses 14
15 Setting the Stage Common Terms Hosts Guests (VMs) Hypervisor (VMware ESX) Service Console Management Solutions (vcenter, Update Manager, vmotion) 15
16 Setting the Stage What s COBIT Say? PO4 Dfi Define the IT processes, organization and relationships PO9 Assess and manage IT risks AI3 Acquire and maintain technology infrastructure AI6 Manage changes DS5 Ensure systems security DS9 Manage the configuration ME3 Ensure compliance with external requirements ME4 Provide IT governance 16
17 Risks to Consider Information Security System Availability Virtualization Strategict Regulatory 17
18 Where do we start? Version of VMware (ESX, ESXi) Inventory of host servers Inventory of guest servers Current architecture diagrams Security templates 18
19 Information Security System Availability Strategic/Regulatory Risk Strategic Strategic Virtualization Regulatory Business/IT strategy Information Risk Management Regulatory requirements 19
20 Information Security System Availability Hardware Compatibility Strategic Strategic Virtualization Regulatory Hardware compatibility list Risks: Unexpected server behavior Lack of support Limited functionality (vmotion) 20
21 Deployment: Change Management (Hosts/Guests) Standard/certified build Approval/exception p for customization Limit ability to deploy Standard change management controls Routine scans for compliance with enterprise standards Virtual Machine Sprawl Information Security Strategic Virtualization System Availability Regulatory 21
22 Patch Management (Hosts/Guests) Information Security Strategic Virtualization System Availability Regulatory OS, VMware, Anti virus, etc. Updates/patches Currency Testing Automation 22
23 Physical Access Information Security Virtualization System Availability Strategic Regulatory (Hosts) Hosts = physical servers Same rules apply Physical Environmental Disaster Recovery 23
24 Logical Access Strategic Information Security Virtualization System Availability Strategic Regulatory 24
25 Logical Access Information Security Strategic Virtualization System Availability Regulatory Service Console Dedicated/secure channel Limited i access No SSH Use SUDO Enable logging 25
26 Logical Access (Management) Information Security Strategic Virtualization System Availability Regulatory Virtual Infrastructure Client (VIC) Access to Guest or vcenter Secure tunnel Limit installations Limit access 26
27 Logical Access Information Security Virtualization System Availability Strategic Regulatory (Management) vcenter Limit access to administrator roles Parent/child relationship Disable Propagate Segregation of duties Default passwords 27
28 Logical Access (Management) vcenter Security consists of three parts: The object The user or group A security role Security is assigned at the object level by combining a user/group with a role and assigning to an object Information Security Strategic Virtualization System Availability Regulatory 28
29 Logical Access Information Security Virtualization System Availability Strategic Regulatory (Management) 29
30 vcenter List of users/groups List of roles assigned to users/groups Detail of privileges assigned to roles Logical Access (Management) Information Security Strategic Virtualization System Availability Regulatory 30
31 Logical Access (Guests) Information Security Strategic Virtualization System Availability Regulatory Operating System Same access concerns found in OS on host Df Default ltinstalled duser and Group Accounts Default Vendor ID s Administrator level accounts 31
32 Information Security System Availability Quick Tip Virtualization Strategic Financial Non persistent Disks Disabled by default When enabled all changes are deleted d when guest is turned off Could allow hacker to cover their tracks 32
33 Segmentation Strategic Information Security Virtualization System Availability Strategic Regulatory Guest segmentation Legal/Regulatory Criticality Sensitivity of date Separate zone for Management Firewalls, switches, vlan s 33
34 Information Security System Availability Segmentation Strategic Virtualization Strategic Regulatory resources/virtual networking/networking basics.html 34
35 Information Security System Availability Quick Tip Virtualization Strategic Financial Virtual Switches Potential for MAC Spoofing Promiscuous mode on vswitch his disabled d by default Verify it is not enabled Disable MAC Address Changes and Forged Transmissions 35
36 Information Security System Availability Backup/Storage Strategic Virtualization Strategic Regulatory VM repositories and datastores Hosts VMware Consolidated d Backup (VCB) Storage array Secure data transfer Backup testing/restores 36
37 Information Security System Availability Backup/Storage Virtualization Strategic Regulatory Virtual Server Snapshots Best Practices Adequate free disk space Only on active snapshot Remove inactive snapshots Risk running out of disk space if you leave snapshots active Multiple snapshots leads to version control issues 37
38 Information Security System Availability Quick Tip Virtualization Strategic Financial Virtual Disk Shrinking Can cause availability issues Ensure the following are configured for each guest isolation.tools.diskwiper.disable=true isolation.tools.diskshrink.disable=true 38
39 Monitoring and Logging (Hosts/Guests) t Information Security Strategic Virtualization System Availability Regulatory Monitor performance and capacity CPU cycles Number of servers Disk storage Security failed logins, lockouts Alerts when thresholds are approached 39
40 Our Lessons Learned Do your research! Utilize subject matter experts Don t bite off more than you can chew Leverage this presentation tti and existing iti audit programs Partner with your IT department 40
41 Learning Objectives Understand the fundamentals of virtualization and supporting architecture Develop and execute a risk based audit for VMware ESX servers Identifybestpractices for securing VMware ESX servers, access to the management tools, and other key configurations related to virtual servers Leverage the lessons learned from our review and apply this to your environment 41
42 Contact Information Rick Schnierer, CISA, CRISC Associate Vice President Systems Audit, Nationwide Insurance Chris hi Tennant, CISA, CRISC Audit Director InternalAudit Audit, Nationwide Insurance 42
43 Appendix Audit Programs Nationwide id Insurance VMware ESX 4 Server Virtualization Audit Program Nationwide VMWare Audit Program ISACA VMware Server Virtualization Audit Program Center/ITAF IT Assurance Audit /Audit Programs/Pages/ICQs and Audit Programs.aspx 43
44 Appendix Additional Resources Virtualization: Benefits and Challenges by ISACA Center/Research/ ResearchDeliverables/Pages/Virtualization Benefits and Challenges.aspx Security Hardening, by VMware, security wp.pdf ESX Server Security Technical Implementation Guide Version 1, Release 1, by the Defense Information Systems Agency (DISA), iase.disa.mil/stigs/stig/esx_server_stig_v1r1_final.pdfserver stig v1r1 44
45 Risk Control Test Procedures Host Servers Architecture decisions related to host servers are reviewed, approved and documented. 1 Host hardware is not compatible with virtualization software increasing the risk of outages, increased maintenance costs or the inability to fully utilize software functionality. 2 Host servers are unable to provide adequate memory and processing resources as a result of poor monitoring and resource planning/ management. A monitoring solution is in place to monitor various resources and settings on host servers including CPU, memory, disks, power supply, etc. Alerts are configured to notify the appropriate support group should any thresholds be exceeded. Inquire with management to determine how host hardware selections are made for virtual environments. - Ensure decision are made using the existing architecture policies and procedures. Select a sample of host servers and obtain hardware configuration information. - Review hardware configuration to reasonably assert compatible hardware is being used. - Also obtain and review applicable documentation to ensure hardware planning is aligned with the ESX host hardware compatibility guide. Compare hardware information to ESX host hardware compatibility guide to ensure VMware is only installed on compatible hardware. Verify effective monitoring of key resources elements such as memory (minimum requirements, currently used, total used), CPU utilization (% of available), and used/free hard disk space. -Verify monitoring application does not use the root account or other account with administrative rights Analyze the number of incidents (tickets) related to capacity issues for host servers to ensure monitoring and overall management of capacity is effective. Determine if alerts are enable to trigger when predetermined thresholds are approached and/or met. Ensure appropriate individuals are designate to receive alerts. A periodic assessment of Interview management to determine what type of scalability and hardware resources and resource forecasting are performed with regard to host servers. needs is performed to -Ensure frequency of analysis and representatives are appropriate. ensure memory, CPU's -Ensure host servers have sufficient free memory slots to meet etc are updated proactively. memory expansion needs. The CIM is restricted to only authorized users through a separate administrative account. Inquire with management to determine if CIM is being used. If not, it should be disabled. If CIM is used ensure a unique administrative account exists and is used when access the CIM.
46 Risk Control Test Procedures An approved security template is in place for use on all ESX host server builds. 3 Host servers are not appropriately configured increasing the risk of compromise, outages, or scalability issues. Host server builds are reviewed to ensure compliance with existing security template guidelines. Exceptions or deviations from the standard build must be requested and approved prior to implementation. All changes to host server configurations follow standard change management processes including approvals, testing, communication and roll-back requirements for each request/change. Changes made to host servers are also made to base images and test environments to ensure currency. Host servers are designed and implemented with sufficient physical network cards to ensure adequate separation of management, vmotion, heartbeat, and virtual server networks. Anti-virus software is installed as part of the build process host servers. Obtain and review current ESX security template. Inquire with virtualization team management to ensure the security template is used when configuring new ESX host server builds. Inquire with management to ensure host server configurations are reviewed against the existing security template for compliance. Standard change management governance controls should be tested. Standard change management governance controls should be tested. Review hardware configuration to determine if sufficient NIC's are available. A minimum of five should be present (for ESX v4); however, additional NIC's should be present for any required virtual server segmentation. (1 - dedicated to management network, 1 - cluster heartbeat, 1 - vmotion traffic, 2 - for virtual server redundancy) Standard Anti-virus and change management testing should be performed. Patches and upgrades to host servers are performed in accordance with enterprise software currency policies. Remote Management Cards (e.g. Integrated Lights Out (ILO)) are placed on protected networks. Standard patch management control testing. Review hardware configuration to ensure remote management cards are placed on protected networks.
47 Risk Control Test Procedures The host hardware includes a RAID sufficient to meet data retention and processing needs. 4 Host Hardware is not supported by a redundant architecture increasing the risk of lost data and outages. Determine what RAID level is utilized. Ensure it is appropriate (i.e. RAID level 5 or 10) 5 Access to console is not adequately restricted to authorized users increasing the risk of unauthorized attempts to access ESX administrative resources. Console is not directly accessed by shared accounts except during emergencies. Administrator roles have been appropriately established (i.e. power on/off virtual machine/ connect to a remove device, create new machines.) Host Management Inquire with management to determine console access practices. Ensure the Console is accessed using SUDO (not SU) and logging for SUDO is enabled. Review logs stored in /var/log/secure for esxcfg commands. Review access privileges to ensure super user type privileges are only assigned to the administrator role. Obtain and review access assigned to ensure only authorized users have access to the management console. 6 Remote access to the console is not through a secure channel to limit the risk of compromise. A secure channel (i.e. Obtain and review network architecture diagrams to determine if isolated physical network, access to the management console is obtained through an isolated SSH tunnel, etc) is used physical network (not a VLAN). to access the console -This will include obtain IP's for remote access and comparing to public remotely. network IP's. 7 The Management Console is not implemented according to existing enterprise security templates increasing the risk of compromise, outages, or scalability issues. An approved security template is in place including guidelines for appropriate Management Console setup. Obtain and review current ESX security template. Inquire with virtualization team management to ensure the security template is used when configuring new management consoles. Configuration of the management console is reviewed against the security template and approved by the IT operations team. Inquire with management to ensure configurations are reviewed against the existing security template for compliance.
48 Risk Control Test Procedures Virtual Guests and vcenter Virtual server memory is monitored using CIM. 8 Virtual server memory is overcommitted leading to continuous memory swapping, performance erosion or possible outages. Determine if a monitoring tool is in place. Obtain and review a sample of monitoring results to ensure thresholds are reasonable, critical components are monitored, and results are routinely reviewed. - Determine if virtual servers are "thin" provisioned or "thick" provision and determine if this is reasonable. Policies and procedures are in place to ensure Snapshots are deleted (after compilation with base file) timely. From sample of servers selected above determine is any active snapshots are on related virtual machines. - Right click on virtual server folder - Select Snapshot option - If "Revert to..." is available active Snapshot is on virtual server and should be removed unless acceptable reason presented. alternatively.. -In Data store Browser for virtual server, search for file names including "*-*0001" or similar. 9 Guest servers are not appropriately configured increasing the risk of compromise, outages, or scalability issues. Guest servers are prioritized based on criticality to ensure memory swapping between guests is adequately controlled. An approved security template is in place for use on all ESX guest server builds. Inquire with management to determine if procedures are in place to prioritize guests based on business criticality. Review configuration of guests to ensure memory swapping is adequately prioritized based on criticality. Obtain and review current ESX security template. Inquire with virtualization team management to ensure the security template is used when configuring new ESX guest server builds. Virtual guest server builds are reviewed to ensure compliance with existing security template guidelines. Inquire with management to ensure guest server configurations are reviewed against the existing security template for compliance. Exceptions or deviations from the standard build must be requested and approved prior to implementation. Inquire with management to ensure guest server configurations are reviewed against the existing security template for compliance.
49 Risk Control Test Procedures All changes to guest server configurations follow standard change management processes including approvals, testing, communication and roll-back requirements for each request/change. Standard change management governance controls should be tested. Changes made to guest servers are also made to base images and test environments to ensure currency. A standard naming convention is used to identify all virtual servers including location, type, identification number and description. Standard change management governance controls should be tested. Inquire with management to ensure a standard naming convention is employed with creating new guest servers. Each server name should be uniquely identifiable. Non-persistent disks are not enabled on guest servers. Review servers configuration to ensure nonpersistent disks are not permitted. -Right click on guest server -Select hardware tab -Observe if "Non-persistent Disks" is enabled Patches and upgrades to Standard patch management testing should be performed. guest servers are perform in accordance with enterprise software currency policies. Anti-virus i software is Standard d Anti-virus i and change management testing ti should be installed as part of the performed. build process host servers. Disk shrinking functionality is disable. Review parameters on a sample of guest servers to ensure the disk shrinking functionality is disabled. -Edit>Settings>Options>Advanced/General>Configuration Parameters 10 Remote access to the Virtual Infrastructure Client (VIC) is not through a secure channel (VPN). Remote access is only accessible through a VPN (secure) tunnel. Remote console connections are restricted to one user. External access is not permitted through port 3389 (remote desktop). Inquire with management to ensure remote access (RDP sessions) requires use of a VPN tunnel and two factor authentication. Review parameters on a sample of guest servers to ensure the Remote Console Connection parameter is adequately restricted. -Edit>Settings>Options>Advanced/General>Configuration Parameters Inquire with management to determine if port 3389 is disabled. For a sample of servers review configurations. (This allows a hacker to obtain username and password through key logging, brute force, etc.)
50 Risk Control Test Procedures Promiscuous mode on virtual switches is disabled. 11 Virtual switches are configured to permit promiscuous mode, MAC address changes, or forged transmission allowing the MAC address to be spoofed. 12 Guest servers/clusters are not adequately separated through network segmentations to leading to potential breach of confidential information or legal/regulatory noncompliance. Legal and regulatory requirements regarding the implementation of virtual environments are communicated to the engineering team. Appropriate segmentation or security zones are maintained to ensure compliance with legal and regulatory requirements. Review virtual switch configuration to ensure promiscuous mode is disabled. - In vswitch properties open security tab - Promiscuous Mode, MAC Address Changes, and Forged Transmissions should all be set to "Rejected" Ensure legal and regulatory concerns affecting the implementation of virtual servers is communicated to and acted on by the IT engineering team. Determine if legal or regulatory constraints exist requiring segmentation of guest servers (i.e. Nationwide Bank). If so, ensure appropriate action has been taken. 13 Periodic backups of *.vmdk files are not performed. Virtual environments with like security ypostures are placed together in separate network segments and isolated from those with significantly different security postures. Disk based backups are performed for *.vmdk files on a periodic basis. Review network diagrams with management to determine reasonableness of guest server placement in relation to servers with similar security postures. Inquire with management to ensure backups of *.vmdk files are performed on a routine basis.
51 Risk Control Test Procedures Additional Areas Management performs ongoing analysis of the virtual deployment strategy to ensure it aligns with the overall enterprise business and IT strategy. 14 Virtual environments are implemented without adequate planning and approval from appropriate management leading to potential scalability concerns, inability to meet SLA's, or undesirable ROI. 15 Products utilized in virtual environments are not supported by vendor contracts increasing the risk of insufficient knowledge sources, prolonged outages and recovery times, and increased maintenance costs. Critical applications are reviewed for compatibility with virtualized environments prior to implementation. Virtual implementations are reviewed pre and post deployment to ensure all SLA's and intend benefits (e.g. ROI) are achieved. Vendor support contracts are in place for all VMware installations. Inquire with management and review analysis and decision making evidence to ensure adequate evaluation and approvals/disapprovals were obtained. Inquire with management and review analysis of application and tool deployment to virtualized environments to ensure adequate compatibility and performance levels to meet or exceed SLA's. Determine if each virtual server implementation is analyzed to ensure planned builds will meet SLA's. Inspect product support contract(s) to ensure all critical components are supported. (Initial support includes one year - ensure it is renewed as appropriate.)
Presentation for ISACA Chapter NL. Auditing Virtual Servers. VMware: Security and Operations. Gert-Jan Timmer 3. September, 2012
Presentation for ISACA Chapter NL Auditing Virtual Servers VMware: Security and Operations Gert-Jan Timmer 3. September, 2012 Auditing Virtual Servers: Vmware: Security and Operations Presentation today:
More informationVMware vsphere-6.0 Administration Training
VMware vsphere-6.0 Administration Training Course Course Duration : 20 Days Class Duration : 3 hours per day (Including LAB Practical) Classroom Fee = 20,000 INR Online / Fast-Track Fee = 25,000 INR Fast
More informationTGL VMware Presentation. Guangzhou Macau Hong Kong Shanghai Beijing
TGL VMware Presentation Guangzhou Macau Hong Kong Shanghai Beijing The Path To IT As A Service Existing Apps Future Apps Private Cloud Lots of Hardware and Plumbing Today IT TODAY Internal Cloud Federation
More informationMitigating Information Security Risks of Virtualization Technologies
Mitigating Information Security Risks of Virtualization Technologies Toon-Chwee, Wee VMWare (Hong Kong) 2009 VMware Inc. All rights reserved Agenda Virtualization Overview Key Components of Secure Virtualization
More informationVirtualclientTechnology 2011 July
WHAT S NEW IN VSPHERE VirtualclientTechnology 2011 July Agenda vsphere Platform Recap vsphere 5 Overview Infrastructure Services Compute, Storage, Network Applications Services Availability, Security,
More informationTable of Contents. vsphere 4 Suite 24. Chapter Format and Conventions 10. Why You Need Virtualization 15 Types. Why vsphere. Onward, Through the Fog!
Table of Contents Introduction 1 About the VMware VCP Program 1 About the VCP Exam 2 Exam Topics 3 The Ideal VCP Candidate 7 How to Prepare for the Exam 9 How to Use This Book and CD 10 Chapter Format
More informationInstall Guide for JunosV Wireless LAN Controller
The next-generation Juniper Networks JunosV Wireless LAN Controller is a virtual controller using a cloud-based architecture with physical access points. The current functionality of a physical controller
More informationVMware vsphere 5.1 Advanced Administration
Course ID VMW200 VMware vsphere 5.1 Advanced Administration Course Description This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter.
More informationPreparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.
Preparing an RFI for Protecting cardholder data is a critical and mandatory requirement for all organizations that process, store or transmit information on credit or debit cards. Requirements and guidelines
More informationVMWARE Introduction ESX Server Architecture and the design of Virtual Machines
Introduction........................................................................................ 2 ESX Server Architecture and the design of Virtual Machines........................................
More informationSecurely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.
Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects
More informationBuilding a Penetration Testing Virtual Computer Laboratory
Building a Penetration Testing Virtual Computer Laboratory User Guide 1 A. Table of Contents Collaborative Virtual Computer Laboratory A. Table of Contents... 2 B. Introduction... 3 C. Configure Host Network
More informationVM-Series Firewall Deployment Tech Note PAN-OS 5.0
VM-Series Firewall Deployment Tech Note PAN-OS 5.0 Revision A 2012, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Supported Topologies... 3 Prerequisites... 4 Licensing... 5
More informationE-SPIN's Virtualization Management, System Administration Technical Training with VMware vsphere Enterprise (7 Day)
Class Schedule E-SPIN's Virtualization Management, System Administration Technical Training with VMware vsphere Enterprise (7 Day) Date: Specific Pre-Agreed Upon Date Time: 9.00am - 5.00pm Venue: Pre-Agreed
More informationVMware vsphere 4.1 with ESXi and vcenter
VMware vsphere 4.1 with ESXi and vcenter This powerful 5-day class is an intense introduction to virtualization using VMware s vsphere 4.1 including VMware ESX 4.1 and vcenter. Assuming no prior virtualization
More informationVMware vsphere: Install, Configure, Manage [V5.0]
VMware vsphere: Install, Configure, Manage [V5.0] Gain hands-on experience using VMware ESXi 5.0 and vcenter Server 5.0. In this hands-on, VMware -authorized course based on ESXi 5.0 and vcenter Server
More informationVMware for Bosch VMS. en Software Manual
VMware for Bosch VMS en Software Manual VMware for Bosch VMS Table of Contents en 3 Table of contents 1 Introduction 4 1.1 Restrictions 4 2 Overview 5 3 Installing and configuring ESXi server 6 3.1 Installing
More informationVMware vsphere Design. 2nd Edition
Brochure More information from http://www.researchandmarkets.com/reports/2330623/ VMware vsphere Design. 2nd Edition Description: Achieve the performance, scalability, and ROI your business needs What
More informationRemote PC Guide Series - Volume 1
Introduction and Planning for Remote PC Implementation with NETLAB+ Document Version: 2016-02-01 What is a remote PC and how does it work with NETLAB+? This educational guide will introduce the concepts
More informationADC9521: Surviving Regulatory Compliance in the Virtual Infrastructure
ADC9521: Surviving Regulatory Compliance in the Virtual Infrastructure Patrick Daigle, VCP, VMware Operations Team Lead, CGI/ITM John Y. Arrasjid, VCP, Sr. Consulting Architect, VMware Agenda Compliance
More informationVMware vsphere 5.0 Boot Camp
VMware vsphere 5.0 Boot Camp This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter. Assuming no prior virtualization experience, this
More informationDavid.Balka@chi.frb.org 2009 STREAM FRBC
Virtualization ti Dave Balka David.Balka@chi.frb.org Examination Elements Architecture Management Processes Integrity Availability Security 2 Datacenter Consolidation 3 What is Virtualization A framework
More informationIndex C, D. Background Intelligent Transfer Service (BITS), 174, 191
Index A Active Directory Restore Mode (DSRM), 12 Application profile, 293 Availability sets configure possible and preferred owners, 282 283 creation, 279 281 guest cluster, 279 physical cluster, 279 virtual
More informationTable of Contents. Online backup Manager User s Guide
Table of Contents Backup / Restore VMware Virtual Machines... Error! Bookmark not defined. Backup virtual machines running on VMware ESXi / ESX Server with VDDK / non VDDK... 2 Requirements and recommendations...
More informationCedric Rajendran VMware, Inc. Security Hardening vsphere 5.5
Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5 Agenda Security Hardening vsphere 5.5 ESXi Architectural Review ESXi Software Packaging The ESXi Firewall ESXi Local User Security Host Logs
More informationSecurity. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««;
Security N Environments '' J J H -. i ^ s j}! Dave Shackleford '**»* t i j i««; l:i in: John Wiley &. Sons, Inc. Contents Introduction.. : xix Chapter l Fundamentals of Virtualization Security Virtualization
More informationVirtual Server and Storage Provisioning Service. Service Description
RAID Virtual Server and Storage Provisioning Service Service Description November 28, 2008 Computer Services Page 1 TABLE OF CONTENTS INTRODUCTION... 4 VIRTUAL SERVER AND STORAGE PROVISIONING SERVICE OVERVIEW...
More informationManagement of VMware ESXi. on HP ProLiant Servers
Management of VMware ESXi on W H I T E P A P E R Table of Contents Introduction................................................................ 3 HP Systems Insight Manager.................................................
More informationVirtual Appliance Setup Guide
The Virtual Appliance includes the same powerful technology and simple Web based user interface found on the Barracuda Web Application Firewall hardware appliance. It is designed for easy deployment on
More informationBosch Video Management System High availability with VMware
Bosch Video Management System High availability with VMware en Technical Note Bosch Video Management System Table of contents en 3 Table of contents 1 Introduction 4 1.1 Restrictions 4 2 Overview 5 3
More informationBest Practices for Monitoring Databases on VMware. Dean Richards Senior DBA, Confio Software
Best Practices for Monitoring Databases on VMware Dean Richards Senior DBA, Confio Software 1 Who Am I? 20+ Years in Oracle & SQL Server DBA and Developer Worked for Oracle Consulting Specialize in Performance
More informationvsphere Replication for Disaster Recovery to Cloud
vsphere Replication for Disaster Recovery to Cloud vsphere Replication 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationAltor Virtual Network Security Analyzer v1.0 Installation Guide
Altor Virtual Network Security Analyzer v1.0 Installation Guide The Altor Virtual Network Security Analyzer (VNSA) application is deployed as Virtual Appliance running on VMware ESX servers. A single Altor
More informationCA Virtual Assurance/ Systems Performance for IM r12 DACHSUG 2011
CA Virtual Assurance/ Systems Performance for IM r12 DACHSUG 2011 Happy Birthday Spectrum! On this day, exactly 20 years ago (4/15/1991) Spectrum was officially considered meant - 2 CA Virtual Assurance
More informationEnterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.
ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationVirtualization Security Checklist
Virtualization Security Checklist This virtualization security checklist is intended for use with enterprise full virtualization environments (as opposed to paravirtualization, application or operating
More informationKhóa học dành cho các kỹ sư hệ thống, quản trị hệ thống, kỹ sư vận hành cho các hệ thống ảo hóa ESXi, ESX và vcenter Server
1. Mục tiêu khóa học. Khóa học sẽ tập trung vào việc cài đặt, cấu hình và quản trị VMware vsphere 5.1. Khóa học xây dựng trên nền VMware ESXi 5.1 và VMware vcenter Server 5.1. 2. Đối tượng. Khóa học dành
More informationVirtual Server Agent v9 with VMware. March 2011
Virtual Server Agent v9 with VMware March 2011 Contents Summary... 3 Backup Transport Methods... 3 Deployment Scenarios... 3 VSA Installation Requirements... 4 VSA Patch Requirements... 4 VDDK Installation...
More informationVMware vsphere: Fast Track [V5.0]
VMware vsphere: Fast Track [V5.0] Experience the ultimate in vsphere 5 skills-building and VCP exam-preparation training. In this intensive, extended-hours course, you will focus on installing, configuring,
More informationVMware: Advanced Security
VMware: Advanced Security Course Introduction Course Introduction Chapter 01 - Primer and Reaffirming Our Knowledge Primer and Reaffirming Our Knowledge ESX Networking Components How Virtual Ethernet Adapters
More informationStudy Guide. Professional vsphere 4. VCP VMware Certified. (ExamVCP4IO) Robert Schmidt. IVIC GratAf Hill
VCP VMware Certified Professional vsphere 4 Study Guide (ExamVCP4IO) Robert Schmidt McGraw-Hill is an independent entity from VMware Inc. and is not affiliated with VMware Inc. in any manner.this study/training
More informationVMware@SoftLayer Cookbook Disaster Recovery (DR)
VMware@SoftLayer Cookbook Disaster Recovery (DR) IBM Global Technology Services: Khoa Huynh (khoa@us.ibm.com) Daniel De Araujo (ddearaujo@us.ibm.com) Bob Kellenberger (kellenbe@us.ibm.com) VMware: Merlin
More informationVMware Certified Professional 5 Data Center Virtualization (VCP5-DCV) Exam
Exam : VCP5-DCV Title : VMware Certified Professional 5 Data Center Virtualization (VCP5-DCV) Exam Version : DEMO 1 / 9 1.Click the Exhibit button. An administrator has deployed a new virtual machine on
More informationHow To Protect Virtualized Data From Security Threats
S24 Virtualiza.on Security from the Auditor Perspec.ve Rob Clyde, CEO, Adap.ve Compu.ng; former CTO, Symantec David Lu, Senior Product Manager, Trend Micro Hemma Prafullchandra, CTO/SVP Products, HyTrust
More informationVistara Lifecycle Management
Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationSet Up a VM-Series Firewall on an ESXi Server
Set Up a VM-Series Firewall on an ESXi Server Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara,
More informationvsphere Private Cloud RAZR s Edge Virtualization and Private Cloud Administration
Course Details Level: 1 Course: V6PCRE Duration: 5 Days Language: English Delivery Methods Instructor Led Training Instructor Led Online Training Participants: Virtualization and Cloud Administrators,
More informationVmware VSphere 6.0 Private Cloud Administration
To register or for more information call our office (208) 898-9036 or email register@leapfoxlearning.com Vmware VSphere 6.0 Private Cloud Administration Class Duration 5 Days Introduction This fast paced,
More informationPatch Management. Module 13. 2012 VMware Inc. All rights reserved
Patch Management Module 13 You Are Here Course Introduction Introduction to Virtualization Creating Virtual Machines VMware vcenter Server Configuring and Managing Virtual Networks Configuring and Managing
More informationVMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE
VMware Security Briefing Rob Randell, CISSP Senior Security Specialist SE Agenda Security Advantages of Virtualization Security Concepts in Virtualization Architecture Operational Security Issues with
More informationVMWARE VSPHERE 5.0 WITH ESXI AND VCENTER
VMWARE VSPHERE 5.0 WITH ESXI AND VCENTER CORPORATE COLLEGE SEMINAR SERIES Date: April 15-19 Presented by: Lone Star Corporate College Format: Location: Classroom instruction 8 a.m.-5 p.m. (five-day session)
More informationJOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI
JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI Job oriented VMWARE training is offered by Peridot Systems in Chennai. Training in our institute gives you strong foundation on cloud computing by incrementing
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationSet Up a VM-Series Firewall on an ESXi Server
Set Up a VM-Series Firewall on an ESXi Server Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara,
More informationBest Practices for VMware ESX Server 2
Best Practices for VMware ESX Server 2 2 Summary VMware ESX Server can be deployed in many ways. In this document, we recommend specific deployment guidelines. Following these guidelines will maximize
More informationIT-ADVENTURES PLAYGROUND (ISERINK) Remote Setup Guide IOWA STATE UNIVERSITY INFORMATION ASSURANCE CENTER
IT-ADVENTURES PLAYGROUND (ISERINK) Remote Setup Guide IOWA STATE UNIVERSITY INFORMATION ASSURANCE CENTER Spring 2014 Gaining access to your systems Since ISERink runs on a simulated internet provided by
More informationHow To Install Vsphere On An Ecx 4 On A Hyperconverged Powerline On A Microsoft Vspheon Vsphee 4 On An Ubuntu Vspheron V2.2.5 On A Powerline
vsphere 4 Implementation Contents Foreword Acknowledgments Introduction xix xxi xxiii 1 Install and Configure ESX 4 Classic 1 WhatlsESX? 3 for ESX Installation 4 Preparing Confirming Physical Settings
More informationRSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2
RSA Authentication Manager 8.1 Setup and Configuration Guide Revision 2 Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm
More informationArchitecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud
Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics
More informationvsphere Security ESXi 6.0 vcenter Server 6.0 EN-001466-04
ESXi 6.0 vcenter Server 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions
More informationUMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY
UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Originator: IT Performance and Capacity Management Policy Approval and Version Control Approval Process: Position or Meeting
More informationVirtual Appliance Setup Guide
Virtual Appliance Setup Guide 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective
More informationTesting New Applications In The DMZ Using VMware ESX. Ivan Dell Era Software Engineer IBM
Testing New Applications In The DMZ Using VMware ESX Ivan Dell Era Software Engineer IBM Agenda Problem definition Traditional solution The solution with VMware VI Remote control through the firewall Problem
More informationStratusphere Solutions
Stratusphere Solutions Deployment Best Practices Guide Introduction This guide has been authored by experts at Liquidware Labs in order to provide a baseline as well as recommendations for a best practices
More informationVMware vsphere 5.0 Evaluation Guide
VMware vsphere 5.0 Evaluation Guide Auto Deploy TECHNICAL WHITE PAPER Table of Contents About This Guide.... 4 System Requirements... 4 Hardware Requirements.... 4 Servers.... 4 Storage.... 4 Networking....
More informationVirtualization System Security
Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability
More informationUsing Emergency Restore to recover the vcenter Server has the following benefits as compared to the above methods:
Executive Summary This document provides certain best practices with regards to the Emergency Restore feature in vsphere Data Protection 5.5 release. It also describes the methods and processes to be used
More informationAdvanced Server Virtualization: Vmware and Microsoft Platforms in the Virtual Data Center
Advanced Server Virtualization: Vmware and Microsoft Platforms in the Virtual Data Center Marshall, David ISBN-13: 9780849339318 Table of Contents BASIC CONCEPTS Introduction to Server Virtualization Overview
More information13.1 Backup virtual machines running on VMware ESXi / ESX Server
13 Backup / Restore VMware Virtual Machines Tomahawk Pro This chapter describes how to backup and restore virtual machines running on VMware ESX, ESXi Server or VMware Server 2.0. 13.1 Backup virtual machines
More informationInstalling and Using the vnios Trial
Installing and Using the vnios Trial The vnios Trial is a software package designed for efficient evaluation of the Infoblox vnios appliance platform. Providing the complete suite of DNS, DHCP and IPAM
More informationLearn the Essentials of Virtualization Security
Learn the Essentials of Virtualization Security by Dave Shackleford by Dave Shackleford This paper is the first in a series about the essential security issues arising from virtualization and the adoption
More informationCore Protection for Virtual Machines 1
Core Protection for Virtual Machines 1 Comprehensive Threat Protection for Virtual Environments. Installation Guide e Endpoint Security Trend Micro Incorporated reserves the right to make changes to this
More informationVirtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE
Virtualization Security and Best Practices Rob Randell, CISSP Senior Security Specialist SE Agenda General Virtualization Concepts Hardware Virtualization and Application Virtualization Types of Hardware
More informationTEXAS AGRILIFE SERVER MANAGEMENT PROGRAM
TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM Policy Compliancy Checklist September 2014 The server management responsibilities described within are required to be performed per University, Agency or State
More informationSecuring the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC
Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service
More informationNetwork Security Guidelines. e-governance
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationVMware Data Recovery. Administrator's Guide EN-000193-00
Administrator's Guide EN-000193-00 You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product
More informationPROSPHERE: DEPLOYMENT IN A VITUALIZED ENVIRONMENT
White Paper PROSPHERE: DEPLOYMENT IN A VITUALIZED ENVIRONMENT Abstract This white paper examines the deployment considerations for ProSphere, the next generation of Storage Resource Management (SRM) from
More informationAdvanced VMware Training
Goals: Demonstrate VMware Fault Tolerance in action Demonstrate Host Profile Usage How to quickly deploy and configure several vsphere servers Discuss Storage vmotion use cases Demonstrate vcenter Server
More informationContents UNIFIED COMPUTING DATA SHEET. Virtual Data Centre Support. www.interoute.com
Contents Scope of this Document... 2 Product Overview... 2 Virtual Data Centre and VDC Dedicated Infrastructure... 2 Service Levels... 3 Severity and Support Response Times... 4 On-boarding... 5 Incident
More informationAerohive Networks Inc. Free Bonjour Gateway FAQ
Aerohive Networks Inc. Free Bonjour Gateway FAQ 1. About the Product... 1 2. Installation... 2 3. Management... 3 4. Troubleshooting... 4 1. About the Product What is the Aerohive s Free Bonjour Gateway?
More informationAbout the VM-Series Firewall
About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/
More informationUser Guide for VMware Adapter for SAP LVM VERSION 1.2
User Guide for VMware Adapter for SAP LVM VERSION 1.2 Table of Contents Introduction to VMware Adapter for SAP LVM... 3 Product Description... 3 Executive Summary... 3 Target Audience... 3 Prerequisites...
More informationNetwork Access Control in Virtual Environments. Technical Note
Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved
More informationVMware ESX Server 3 Configuration Guide
Date: 03/03/08 VMware ESX Server 3 Configuration Guide Enterprise Applications Division of the Systems and Network Analysis Center (SNAC) Information Assurance Directorate National Security Agency 9800
More informationWhat s New with VMware Virtual Infrastructure
What s New with VMware Virtual Infrastructure Virtualization: Industry-Standard Way of Computing Early Adoption Mainstreaming Standardization Test & Development Server Consolidation Infrastructure Management
More informationHitachi Unified Compute Platform (UCP) Pro for VMware vsphere
Test Validation Hitachi Unified Compute Platform (UCP) Pro for VMware vsphere Author:, Sr. Partner, Evaluator Group April 2013 Enabling you to make the best technology decisions 2013 Evaluator Group, Inc.
More informationVirtualization and Cloud Computing
Virtualization and Cloud Computing Security is a Process, not a Product Guillermo Macias CIP Security Auditor, Sr. Virtualization Purpose of Presentation: To inform entities about the importance of assessing
More informationvshield Quick Start Guide vshield Manager 4.1 vshield Edge 1.0 vshield App 1.0 vshield Endpoint 1.0
vshield Manager 4.1 vshield Edge 1.0 vshield App 1.0 vshield Endpoint 1.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationQNAP in vsphere Environment
QNAP in vsphere Environment HOW TO USE QNAP NAS AS A VMWARE DATASTORE VIA NFS Copyright 2009. QNAP Systems, Inc. All Rights Reserved. V1.8 How to use QNAP NAS as a VMware Datastore via NFS QNAP provides
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationPICO Compliance Audit - A Quick Guide to Virtualization
WHITE PAPER August 2011 Passing Compliance Audit: Virtualize PCI-compliant Workloads with the Help of HyTrust and Trend Micro Deep Security HYTRUST AND TREND MICRO DEEP SECURITY TOC Contents Virtualization
More informationBest Practices for Managing Virtualized Environments
WHITE PAPER Introduction... 2 Reduce Tool and Process Sprawl... 2 Control Virtual Server Sprawl... 3 Effectively Manage Network Stress... 4 Reliably Deliver Application Services... 5 Comprehensively Manage
More informationVMTurbo Operations Manager 4.5 Installing and Updating Operations Manager
VMTurbo Operations Manager 4.5 Installing and Updating Operations Manager VMTurbo, Inc. One Burlington Woods Drive Burlington, MA 01803 USA Phone: (781) 373---3540 www.vmturbo.com Table of Contents Introduction
More informationUila SaaS Installation Guide
USER GUIDE Uila SaaS Installation Guide January 2016 Version 1.8.1 Company Information Uila, Inc. 2905 Stender Way, Suite 76E Santa Clara, CA 95054 USER GUIDE Copyright Uila, Inc., 2014, 15. All rights
More informationQuick Start - Virtual Server idataagent (VMware)
Page 1 of 24 Quick Start - Virtual Server idataagent (VMware) TABLE OF CONTENTS OVERVIEW Introduction Key Features Complete Virtual Machine Protection Granular Recovery of Virtual Machine Data Minimal
More informationCisco Nexus 1000V Virtual Ethernet Module Software Installation Guide, Release 4.0(4)SV1(1)
Cisco Nexus 1000V Virtual Ethernet Module Software Installation Guide, Release 4.0(4)SV1(1) September 17, 2010 Part Number: This document describes how to install software for the Cisco Nexus 1000V Virtual
More informationCisco Unified Computing Remote Management Services
Cisco Unified Computing Remote Management Services Cisco Remote Management Services are an immediate, flexible management solution that can help you realize the full value of the Cisco Unified Computing
More informationInstalling and Configuring vcenter Support Assistant
Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationManaged Hosting is a managed service provided by MN.IT. It is structured to help customers meet:
Managed Hosting Service Description Version 1.10 Effective Date: 3/3/2015 Purpose This Service Description is applicable to Managed Hosting services (MH) offered by MN.IT Services (MN.IT) and described
More information