5.6
Table Of Contents
- VMware vCenter Configuration Manager Security Guide
- Contents
- About This Book
- Introduction to VCM Security
- Domain Infrastructure
- VCM Installation Kits
- Server Zone Security
- VCM Collector Server
- SQL Server
- Web Server
- VCM Agent Systems and Managed Machines
- VCM User Interface System
- Software Provisioning Components
- Operating System Provisioning Components
- Decommissioning
- Authentication
- Transport Layer Security
- Keys and Certificates
- How VCM Uses Certificates
- Installing Certificates for the VCM Collector
- Changing Certificates
- Delivering Initial Certificates to Agents
- Storing and Transporting Certificates
- Mark a Certificate as Authorized on Windows
- Creating Certificates Using Makecert
- Update the Collector Certificate Thumbprint in the VCM Database
- Managing the VCM UNIX Agent Certificate Store
- Supplemental References
- Index
To mitigate this risk, use one or more of the following techniques:
n
Use operating system provisioning only across a secure network. After a machine is provisioned, it can
then be transferred to a less secure network and used like any other managed machine.
n
Do not join machines to domains during operating system provisioning activities.
n
Change secret passwords to temporary passwords before transmission by the OS Provisioning Server,
and change them back immediately after provisioning operations are finished.
n
Change any secret passwords transmitted during operating system provisioning immediately after the
process is finished. Change the passwords everywhere they were used, even on machines not involved
with provisioning operations.
Operating System Provisioning Components
VMware, Inc.
51