5.7
Disabling Automatic Login
Systems that run the VCM user interface must require mandatory login.
Automatic login is a convenience that logs a specific Windows user into a machine after the machine
finishes restarting. Because it bypasses the access control that the login prompt provides, always disable
automatic Windows login on the VCM user interface system.
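An added example of the check and remediation this guidance calls for, not code from the VCM Security Guide itself: the PowerShell below audits the standard Winlogon registry values that implement automatic login on the VCM user interface system and turns the feature off. It assumes the Winlogon key path and value names used by Windows (AutoAdminLogon, DefaultUserName, DefaultPassword) and that it is run in an elevated session.

```powershell
# Added example (not from the VCM Security Guide): audit and disable automatic
# Windows login on the VCM user interface system. Assumes the standard Winlogon
# registry values and an elevated PowerShell session.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-AutoAdminLogon {
    # Report whether automatic login is enabled and whether a clear-text
    # DefaultPassword is stored beside it.
    $props = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AutoAdminLogon  = ($props.AutoAdminLogon -eq '1')
        DefaultPassword = -not [string]::IsNullOrEmpty($props.DefaultPassword)
        DefaultUserName = $props.DefaultUserName
    }
}

function Disable-AutoAdminLogon {
    # Turn automatic login off and remove the stored password and any
    # remaining auto-login count so the setting cannot re-arm on reboot.
    Set-ItemProperty -Path $winlogon -Name AutoAdminLogon -Value '0' -Type String
    foreach ($name in 'DefaultPassword', 'AutoLogonCount') {
        Remove-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue
    }
}

$state = Test-AutoAdminLogon
if ($state.AutoAdminLogon -or $state.DefaultPassword) {
    Write-Warning "Automatic login is configured for '$($state.DefaultUserName)'; disabling it."
    Disable-AutoAdminLogon
    Test-AutoAdminLogon
} else {
    Write-Output 'Automatic login is not configured on this system.'
}
```

A password stored as an LSA secret by the Sysinternals Autologon tool rather than in the DefaultPassword value is not detected by this check; the AutoAdminLogon flag it sets is still cleared.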
Disabling Simultaneous Login
The VCM user interface machines must not allow users to simultaneously log in to VCM by running
multiple browser sessions on either the same system or from different systems.
Simultaneous login sessions defeat the traceability of actions back to a specific VCM user and reduce
accountability.
Using Windows Credentials
To reduce susceptibility to spoofing attacks, do not allow VCM users to use a direct login to VCM. Instead,
have the Internet Explorer browser forward the VCM user interface system Windows login credentials, or
Run As or kinit credentials, to the VCM Web application. See "Customizing Internet Security Options" on
page 41.
Service Account Credentials
Do not log in to VCM with service account credentials. Logging in to VCM with a service account can lead
to unexpected or inconsistent behavior. A service that uses the same account as a logged-in user can change
that user's current role or machine group, or log the user out of the system at inappropriate times.
Recognizing Direct Login Prompts
Because you log in to VCM by transmitting your Windows account credentials, treat direct VCM login
prompts in the browser with skepticism and caution.
When a user logs in to Windows using a domain account known to VCM, and connects to VCM, the
system authorizes the user by their Windows credentials rather than requiring them to explicitly log in to
VCM. Using the Windows login system resists spoofing and cross-site scripting attacks that exploit the
Internet Explorer browser.
VCM can support a separate, browser-based login when Windows credentials are either unavailable or
from a domain controller not trusted by VCM. However, the better practice is still to log in, or Run As,
using a domain account, configure Internet Explorer to transmit those credentials, and treat direct VCM
login prompts in the browser with skepticism and caution.
Public Access Points
Do not run the VCM user interface from public systems or from public Internet access points like kiosks or
Internet cafés.
Network traffic between the VCM user interface and VCM Web server is encrypted and mutually
authenticated. In spite of the safeguards, running VCM across the open Internet suggests that the VCM
user interface system is also being used for general Internet browsing and purposes other than
configuration management.
In particular, do not run the VCM user interface from public access points like kiosks or Internet cafés.
These locations expose the VCM user interface to threats and malicious attacks that circumvent secure
networking traffic by infecting the VCM user interface system itself.
VCM Security Guide
40
VMware, Inc.