Installation guide
Table Of Contents
- VMware vCenter Configuration ManagerAdministration Guide
- About This Book
- Getting Started with VCM
- Installing and Getting Started with VCM Tools
- Configuring VMware Cloud Infrastructure
- Virtual Environments Configuration
- Configure Virtual Environments Collections
- Configure Managing Agent Machines
- Obtain the SSL Certificate Thumbprint
- Configure vCenter Server Data Collections
- Configure vCenter Server Virtual Machine Collections
- Configure vCloud Director Collections
- Configure vCloud Director vApp Virtual Machines Collections
- Configure vShield Manager Collections
- Configure ESX Service Console OS Collections
- Configure the vSphere Client VCM Plug-In
- Running Compliance for the VMware Cloud Infrastructure
- Create and Run Virtual Environment Compliance Templates
- Create Virtual Environment Compliance Rule Groups
- Create and Test Virtual Environment Compliance Rules
- Create and Test Virtual Environment Compliance Filters
- Preview Virtual Environment Compliance Rule Groups
- Create Virtual Environment Compliance Templates
- Run Virtual Environment Compliance Templates
- Create Virtual Environment Compliance Exceptions
- Configuring vCenter Operations Manager Integration
- Auditing Security Changes in Your Environment
- Configuring Windows Machines
- Verify Available Domains
- Check the Network Authority
- Assign Network Authority Accounts
- Discover Windows Machines
- License Windows Machines
- Disable User Account Control for VCM Agent Installation
- Install the VCM Windows Agent on Your Windows Machines
- Enable UAC After VCM Agent Installation
- Collect Windows Data
- Windows Collection Results
- Getting Started with Windows Custom Information
- Prerequisites to Collect Windows Custom Information
- Using PowerShell Scripts for WCI Collections
- Windows Custom Information Change Management
- Collecting Windows Custom Information
- Create Your Own WCI PowerShell Collection Script
- Verify that Your Custom PowerShell Script is Valid
- Install PowerShell
- Collect Windows Custom Information Data
- Run the Script-Based Collection Filter
- View Windows Custom Information Job Status Details
- Windows Custom Information Collection Results
- Run Windows Custom Information Reports
- Troubleshooting Custom PowerShell Scripts
- Configuring Linux and UNIX Machines
- Configuring Mac OS X Machines
- Patching Managed Machines
- VCM Patching for Windows Machines
- VCM Patching for UNIX and Linux Machines
- UNIX and Linux Patch Assessment and Deployment
- Getting Started with VCM Patching
- Getting Started with VCM Patching for Windows Machines
- Check for Updates to Bulletins
- Collect Data from Windows Machines by Using the VCM Patching Filter Sets
- Assess Windows Machines
- Review VCM Patching Windows Assessment Results
- Prerequisites for Patch Deployment
- Default Location for UNIX/Linux Patches
- Location for UNIX/Linux Patches
- Default Location for UNIX/Linux Patches
- vCenter Software Content Repository Tool
- Deploy Patches to Windows Machines
- Getting Started with VCM Patching for UNIX and Linux Machines
- Check for Updates to Bulletins
- Collect Patch Assessment Data from UNIX and Linux Machines
- Explore Assessment Results and Acquire and Store the Patches
- Default Location for UNIX/Linux Patches
- Deploy Patches to UNIX/Linux Machines
- How the Deploy Action Works
- Running VCM Patching Reports
- Customize Your Environment for VCM Patching
- Running and Enforcing Compliance
- Provisioning Physical or Virtual Machine Operating Systems
- Provisioning Software on Managed Machines
- Using Package Studio to Create Software Packages and Publish to Repositories
- Software Repository for Windows
- Package Manager for Windows
- Software Provisioning Component Relationships
- Install the Software Provisioning Components
- Using Package Studio to Create Software Packages and Publish to Repositories
- Using VCM Software Provisioning for Windows
- Related Software Provisioning Actions
- Configuring Active Directory Environments
- Configuring Remote Machines
- Tracking Unmanaged Hardware and Software Asset Data
- Managing Changes with Service Desk Integration
- Index
Running and Enforcing Compliance
11
Running and Enforcing Compliance
Using the Compliance module, you define a standard configuration for all machines or multiple standards
for different machine groups. Then, you compare machines against these configuration rules to see if the
machines are in compliance. In some cases, you can enforce certain settings on the machines that are not in
compliance.
Preset rules and templates are available that enable you to begin monitoring system compliance to
regulatory (Sarbanes-Oxley, HIPAA, GLBA and FISMA) industry and Microsoft standards. You can create
and manage rules and rule groups based on Active Directory (AD) objects and configuration data, or on
machine data.
IMPORTANT Compliance does not query individual systems; it only queries the database. If a machine has
not been included in a Collection, or the necessary information has not been included in a Collection, or
the last Collection is outdated, the Compliance Monitor will measure incorrect or out-of-date data.
Therefore, for accurate Compliance monitoring, you must first collect the necessary data.
Getting Started with SCAP Compliance
Security Content Automation Protocol (SCAP) is a suite of standards that enable automated vulnerability
management, measurement, and policy compliance evaluation. The VCM SCAP implementation employs
or references six open standards that SCAP uses to enumerate, evaluate, and measure the impact of
software problems and to report results.
n
Common Configuration Enumeration (CCE). A standard of unique identifiers for common system
configuration issues
n
Common Vulnerabilities and Exposures (CVE). A dictionary of standard identifiers for security
vulnerabilities related to software flaws
n
Open Vulnerability and Assessment Language (OVAL). An XML standard for security testing
procedures and reporting
n
Common Platform Enumeration (CPE). Standard identifiers and a dictionary for platform and product
naming
n
Extensible Configuration Checklist Description Format (XCCDF). A standard for specifying
checklists and reporting results
n
Common Vulnerability Scoring System (CVSS). A standard for conveying and scoring the impact of
VMware, Inc.
153