VMware vSphere Security Cookbook电子书

VMware vSphere Security Cookbook

Table of Contents

VMware vSphere Security Cookbook

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Instant updates on new Packt books

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Threat and Vulnerability Overview

Introduction

Risk overview

Understanding defense-in-depth

Hypervisor threats

Hypervisor vulnerabilities

Guest virtual machine threats

Guest virtual machine vulnerabilities

Network threats

Network vulnerabilities

Storage threats

Storage vulnerabilities

Physical threats

Physical vulnerabilities

Security concepts

References

Summary

2. ESXi Host Security

Introduction

Hardening the host via Console

Getting ready

How to do it…

How it works…

There's more

Hardening the host via vSphere Client

Getting ready

How to do it…

How it works…

Configuring host services

Getting ready

How to do it…

How it works…

Configuring the host firewall

Getting ready

How to do it…

How it works…

There's more

TPM encryption

See also

3. Configuring Virtual Machine Security

Introduction

Configuring administrative access options

Getting ready

How to do it…

How it works…

Securing the guest OS

Getting ready

How to do it…

Configuring the Windows 7 guest OS security

Getting ready

How to do it…

How it works…

Configuring the Windows Server 2008 R2 guest OS security

Getting ready

How to do it…

How it works…

There's more...

Virtual machine antivirus

Firewalls

See also

Guest virtual machine hardening

Getting ready

How to do it…

Remove unnecessary virtual hardware

Unexposed features

Restricting data between the host and guest

Restricting commands

Limiting the guest OS writes to the host memory

How it works…

See also

Configuring virtual machine resource isolation

Getting ready

How to do it…

How it works…

Configuring the standard image templates

Getting ready

How to do it...

How it works...

Managing snapshots

Getting ready

How to do it...

How it works...

See also

4. Configuring User Management

Introduction

Configuring vCenter Single Sign-On

Getting ready

How to do it…

How it works…

Managing Single Sign-On users with vSphere Web Client

Getting ready

How to do it…

How it works…

Configuring Active Directory integration

Getting ready

How to do it…

How it works…

Managing Active Directory users and groups

Getting ready

How to do it…

How it works…

Assigning permissions

Getting ready

How to do it…

How it works…

Assigning administrative roles

Getting ready

How to do it…

How it works…

See also

5. Configuring Network Security

Introduction

Configuring Standard vSwitch security

Getting ready

How to do it…

How it works…

Configuring the port group security

Getting ready

How to do it…

How it works…

Configuring VLANs

Getting ready

How to do it…

How it works…

Creating DMZ networks

Getting ready

How to do it…

How it works…

Providing Distributed vSwitch security options


Getting ready

How to do it…

How it works…

Configuring PVLANs

Getting ready

How to do it…

How it works…

See also

6. Configuring Storage Security

Introduction

Configuring network isolation

Getting ready

How to do it…

How it works…

Configuring iSCSI security

Getting ready

How to do it…

How it works…

Configuring Header and Data Digest

Getting ready

How to do it…

How it works…

There's more…

Configuring the Fibre Channel security

See also

7. Configuring vShield Manager

Introduction

Installing vShield Manager OVA

Getting ready

How to do it…

How it works…

Configuring vShield Manager settings

Getting ready

How to do it…

How it works…

Adding vShield licensing to vCenter

Getting Started

How to do it…

How it works…

Configuring SSL Security for Web Manager

Getting ready

How to do it…

How it works…

Configuring Single Sign-On

Getting ready

How to do it…

How it works…

Configuring user accounts and roles

Getting ready

How to do it…

How it works…

Configuring services and service groups

Getting ready

How to do it…

How it works…

8. Configuring vShield App

Introduction

Installing vShield App

Getting ready

How to do it…

How it works…

Configuring vShield App using the Web Console

Getting ready

How to do it…

How it works…

Configuring vShield App Flow Monitoring

Getting ready

How to do it…

How it works…

Configuring vShield App Firewall

Getting ready

How to do it…

How it works…

Configuring vShield App SpoofGuard

Getting ready

How to do it…

How it works…

9. Configuring vShield Edge

Introduction

Installing vShield Edge

Getting ready

How to do it…

Configuring the Edge appliance

Configuring Edge interfaces

How it works…

Managing appliances

Getting ready

How to do it…

How it works…

Managing interfaces

Getting ready

How to do it…

How it works…

Managing certificates and revocation lists

Getting ready

How to do it…

How it works…

See also

Managing firewall rules

Getting ready

How to do it…

How it works…

Managing NAT rules and static routes

Getting ready

How to do it…

How it works…

Managing the IPSec VPN service

Getting ready

How to do it…

How it works…

Managing SSL VPN-Plus

Getting ready

How to do it…

Configuring the IP pool

Configuring private networks

Configuring authentication

Configuring an installation package

How it works…

Configuring the load-balancing service

Getting ready

How to do it…

How it works…

10. Configuring vShield Endpoint

Introduction

Installing vShield Endpoint

Getting started

How to do it…

How it works…

Configuring vShield Endpoint using an antivirus

Getting started

How to do it…

How it works…

11. Configuring vShield Data Security

Introduction

Installing vShield Data Security

Getting ready

How to do it…

How it works…

Configuring the vShield Data Security policies

Getting ready

How to do it…

How it works…

Managing vShield Data Security reports

Getting ready

How to do it…

How it works…

12. Configuring vSphere Certificates

Introduction

Configuring a Windows CA template

Getting started

How to do it…

How it works…

See also

Requesting certificates from a Windows CA

Getting started

How to do it…

How it works…

Using SSL Certificate Automation Tool 5.5

Getting started

How to do it…

How it works…

There's more…

Process certificate requests

Getting started

How to do it…

How it works…

Registering the Single Sign-On certificate

Getting started

How to do it…

How it works…

Registering the Inventory Service certificate

Getting started

How to do it…

How it works…

Registering the vCenter certificate

Getting started

How to do it…

How it works…

Registering the Web Client certificate

Getting started

How to do it…

How it works…

Registering the Log Browser certificate

Getting started

How to do it…

How it works…

Registering the Update Manager certificate

Getting started

How to do it…

How it works…

Installing an ESXi host certificate

Getting started

How to do it…

How it works…

13. Configuring vShield VXLAN Virtual Wires

Introduction

Prerequisites for configuring VXLAN virtual wires

Getting started

How to do it…

Ensuring the Managed IP address of vCenter is set

Ensuring DHCP availability

Setting a multicast address range and segment ID pool

Setting up network connectivity for VXLAN traffic

Verifying the distributed switch MTU setting

How it works…

There's more

Configuring VXLAN virtual wires

Getting started

How to do it…

Adding a VXLAN network scope

Adding a VXLAN virtual wire

Connecting a VXLAN virtual wire to vShield Edge

Enabling services for the VXLAN virtual wire

Connecting a virtual machine to a VXLAN virtual wire

How it works…

Testing VXLAN virtual wires

Getting started

How to do it…

How it works…

There's more

Configuring firewall rules for VXLAN virtual wires

Getting started

How to do it…

How it works…

See also

Index