Lockdown mode has been around in various forms for many releases. The behaviors have changed a few times since 5.1 with varying levels of usability success. For vSphere 6.0 we are trying to address some of these issues. Personally, what I’d love to see happen with all customers running V6.0 is that you run at a minimum the “Normal” Lockdown Mode.
Category Archive: IT
You’re the virtualization admin. Your security guy comes up to you, looking for information. You really don’t want to give him an account on vCenter, do you? (according to a group discussion session I did at VMworld, the answer was clearly “No” with some being a little more colorful by using the term “NFW”!)
But lets face it, the IT Security folks do have a job to do and they really could use information on a regular basis to do their job. Let’s see if we help them by helping you, shall we?
Give us questions, we’ll give you answers
I’m looking for examples of the types of questions IT Security needs regular answers to. Alan Renouf and I are mulling some ways to help both of you out. No details yet but having Alan involved should give you a hint! :) Give us the questions, let us surprise you.
I’ll start this off with some examples:
Security Guy: “I need to see….
- all the virtual machines that have a CD drive attached
- what virtual machines are on what network/switch/portgroup
- what virtual machines are on what storage device
- what roles are assigned to what users
- ESXi server SSL certificate details like when they expire
- What vSwitches are in promiscuous mode
- any vDS port mirroring details
- the ESXi shell interactive timeout values
- what the syslog IP address is set to on the ESXi servers
Based on that, start posting the questions! We’ll try to get as many included in this little project we are working on. We hope you like it!