Category: vSphere

Jul 19

Using the vCenter Login Banner for RSA SecurID support

In vSphere 6.0 Update 2 we added the capability to use RSA SecurID for two-factor authentication (2FA) in to the web client (only). I wrote about that in a two part blog series. Part 1 and Part 2

I recently got an email from a customer asking me about the implementation of the RSA SecurID Agent in vSphere and that prompted this blog.

The initial inquiry was around SecurID PIN resets and the customer asked: “It seems like vSphere doesn’t support PIN resets. How can I help my folks who are logging in to vCenter if their PIN is expired?”

In this blog I’ll show you how editing the Login Banner can help you get your users to the right page to reset their RSA SecurID PIN.

Continue reading

May 04

Secure Boot for ESXi 6.5 – Hypervisor Assurance

I’ve talked about how vSphere has been moving towards a “secure by default” stance over the past few years. This can clearly be seen in the new vSphere 6.5 Security Configuration Guide where the number of “hardening” steps are growing smaller with every release. In this blog post we will go over another “secure by default” feature of vSphere 6.5 that provides hypervisor assurance, Secure Boot for ESXi.

One of the coolest things in 6.5, in my opinion, is the adoption of Secure Boot for ESXi. Now, you might say “But my laptop has had Secure Boot since Windows 8, what’s the big deal?”

Well, the “big deal” is that we’ve gone beyond the default behavior of Secure Boot and we now leverage the capabilities of the UEFI firmware to ensure that ESXi not only boots with a signed bootloader validated by the host firmware but that it also ensures that unsigned code won’t run on the hypervisor. Best of all, it’s simple to implement! Let’s dive in!

Continue reading

Apr 19

Supported vSphere vCenter and ESXi Ciphers

Hi everyone,

One question that comes up regularly is “What ciphers are supported on vCenter and ESXi?”. I’m happy to share that we have published a VMware Knowledge Base article outlining the supported ciphers!

With all of the challenges around SSL/TLS the past year or two, having a solid idea of what ciphers are being used is becoming critical information that is necessary for IT and security teams to do their jobs.

Rather than list the ciphers here, I’ll just point you at the KB as it will be the central repository for this information and will be updated as necessary.

Continue reading