Installation guide

VCM Collector Server

The following sections describe security and hardening guidelines that are unique to the VCM Collector

function by itself. The Collector might be the same machine as the one that hosts the database or the Web

server, or it might be a standalone system.

Using VCM to Manage the Collector Server

After you install VCM, use it to manage the Collector server itself, subject it to assessment, and maintain

its integrity. Running the following VCM compliance template against the Collector detects and identifies

some of the security setting and configuration issues that you must address, including non-VCM

administrators who have access to systems and administrator functions.

VMware vCenter Configuration Manager Hardening - Host

NOTE If you have VCM installed and are preparing to set up another Collector, running the template can

help you preharden the candidate system.

Having a Collector Machine Group in VCM

To better manage Collector systems, place them into a separate, dedicated Collector machine group in

VCM, and make sure that the machine group is not authorized to any nonadministrator VCM user.

Without a machine group, you might mix VCM Collector management with non-VCM servers, which can

result in the misconfiguration of necessary security settings.

Managing the right group of Collectors allows them to be assessed routinely by the VCM security

assessment compliance tests and monitored for configuration and change. These tests and changes can be

managed and tracked through VCM.

If you do not organize all Collectors into a machine group, it is harder for VCM to assess, track, and

control the security posture of the Collectors. Also, if a new Collector comes under VCM management, it

might be incorrectly placed into a machine group that is managed by nonadministrator VCM users.

The remaining Collector hardening steps are the same as those that you apply for all server zone systems.

See "Server Zone Security" on page 21.

VMware, Inc.