5.7
Table Of Contents
- VMware vCenter Configuration Manager Security Guide
- Contents
- About This Book
- Introduction to VCM Security
- Domain Infrastructure
- VCM Installation Kits
- Server Zone Security
- VCM Collector Server
- SQL Server
- Web Server
- VCM Agent Systems and Managed Machines
- VCM User Interface System
- Software Provisioning Components
- Operating System Provisioning Components
- Decommissioning
- Authentication
- Transport Layer Security
- Keys and Certificates
- How VCM Uses Certificates
- Installing Certificates for the VCM Collector
- Changing Certificates
- Delivering Initial Certificates to Agents
- Storing and Transporting Certificates
- Mark a Certificate as Authorized on Windows
- Creating Certificates Using Makecert
- Update the Collector Certificate Thumbprint in the VCM Database
- Managing the VCM UNIX Agent Certificate Store
- Supplemental References
- Index
Introduction to VCM Security
To understand VCM security requirements, familiarize yourself with the overall security environment,
VCM components, VCM personnel roles, and trust zones.
VCM Security Environment
VCM operates in the context of a security environment, which involves system configuration, personnel
and usage assumptions, organizational security policies, and best practices. Security requirements are met
either by controls built into VCM that leverage the security environment or by controls built into the
environment itself. When a security requirement is not met, the confidentiality, integrity, or availability of
information assets that flow through the deficient system is at risk.
A healthy security environment assumes or provides certain guarantees:
- Trust in, and training for, your authorized VCM users
- Protection of VCM installation kits from tampering
- Protection of current VCM systems from access by unauthorized users
- Proper decommissioning of outgoing VCM systems
To establish proper security, you must prepare and apply security requirements across the following
equipment:
- The server that acts as the VCM Collector
- The VCM SQL Server and database system
- The VCM Web server
- The VCM user interface Web browser
- Systems on which the VCM Agent runs
- The domain, its supporting infrastructure, and user accounts
VCM Components
VCM is a distributed application with several physical and conceptual components:
VMware, Inc.