Installation guide
VCM Installation Kits
3
VCM Installation Kits
Like the systems on which VCM runs, the software installation kits for VCM must be secured and
protected from tampering.
Sources for Installation Kits
Secure operation of VCM requires that its product software kit not be tampered with and that it is intact as
delivered by VMware. The best practice is to ensure that each kit is obtained directly from VMware, from
another secure and trusted source, or that it is verified.
VMware ships VCM and add-on products on CD/DVD and in packages signed by the VMware Software
Publisher Certificate. The kit can reach customer machines in the following ways:
n
Physical CD/DVD
n
Download from
http://downloads.vmware.com
n
ClickOnce download from the server zone
n
Agent push install by the Collector service
n
Patching Agent push by VCM Patching
n
Thin client user interface by HTTP
n
VCM Remote updates
n
Patching deployed patches and updates
n
VMware VCM software provisioning
n
SMS
n
Group Policy
n
VCM Remote Command file attachments
You can verify EXE and MSI installers with the chktrust.exe certificate verification tool from the Microsoft
Developer Network. Alternatively, you can verify using signtool.exe, also available from Microsoft.
Protecting Installation Kits
VCM installation kits that are stored on writable media must be protected from tampering before
installation. Authenticode signatures on installation kits are verified before installation. For example:
C:\> signtool verify /a /v "CMAgent<version>.msi"
VMware, Inc.
19