Installation guide
Chapter 8: VCM Agent Systems and Managed Machines
This chapter describes security and hardening guidelines for what is possibly the largest part of your
security environment, the enterprise-wide body of managed machines that you monitor through VCM.
The VCM Agent is the software that is installed on each managed machine to collect configuration
information and securely return it to the VCM Collector. For security purposes, each managed machine
becomes its own trust zone, controlled by the domain and local machine administrator.
Trusting the VCM Agent on a Managed Machine
The VCM Agent is subject to the local security policies and security environment of its managed machine.
Agents do not trust other Agents, but do trust machines in the server zone, such as the Collector.
Server zone machines trust the Agent to manage and return machine configuration data, but the Agent is
not trusted as a source of data for making changes to any other machines or to your VCM configuration.
The server zone's trust in the Agent depends on the protection of the following assets:
- Agent executable code. Programs and libraries included in the VCM Agent installation kit. These kits and updates are signed by the VMware Software Publisher Certificate.
- Machine configuration. Local settings that activate the VCM Agent, grant it execution and data storage rights, and allow it to use infrastructure services like networking and DNS.
- Collected machine data. Settings the Agent acquires by inspecting the managed machine. Collected data is transmitted to the VCM Collector.
- Agent/Collector credentials. Certificates and private keys that the Agent and Collector use to authenticate each other.
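One way to check the first asset on a Windows managed machine before installing or updating the Agent is to confirm that every binary in the staged kit carries a valid Authenticode signature from the expected publisher. This is an added example, not VMware's own tooling; the staging path, the signer substring, and the optional pinned thumbprint are assumptions to replace with values recorded from a known-good kit.

```powershell
# Added example: verify Authenticode signatures on a staged Agent kit.
# All default parameter values are assumptions, not values from the VCM documentation.
param(
    [string]$KitPath            = 'C:\Staging\VCMAgentKit',  # hypothetical staging folder
    [string]$ExpectedSigner     = 'VMware',                  # assumed substring of the signer subject
    [string]$ExpectedThumbprint = ''                         # optional: thumbprint from a known-good kit
)

function Test-KitSignature {
    param([string]$File, [string]$Signer, [string]$Thumbprint)

    $sig  = Get-AuthenticodeSignature -FilePath $File
    $cert = $sig.SignerCertificate
    $subject = if ($cert) { $cert.Subject } else { '' }

    # Order matters: a signature that is not Valid is rejected before the signer is inspected.
    $reason = if ($sig.Status -ne 'Valid') {
        "signature status is $($sig.Status)"
    } elseif ($subject -notlike "*$Signer*") {
        "unexpected signer: $subject"
    } elseif ($Thumbprint -and $cert.Thumbprint -ne $Thumbprint) {
        "signer thumbprint $($cert.Thumbprint) does not match the pinned value"
    } else {
        $null
    }

    [pscustomobject]@{
        File        = $File
        Trusted     = ($null -eq $reason)
        Reason      = $reason
        Signer      = $subject
        # A countersignature keeps the signature verifiable after the signing certificate expires.
        Timestamped = ($null -ne $sig.TimeStamperCertificate)
    }
}

$results = Get-ChildItem -Path $KitPath -Recurse -File -Include *.exe, *.msi, *.dll |
    ForEach-Object { Test-KitSignature -File $_.FullName -Signer $ExpectedSigner -Thumbprint $ExpectedThumbprint }

$results | Format-Table File, Trusted, Timestamped, Reason -AutoSize

# A non-zero exit code lets a deployment job stop before the kit is installed.
$failed = @($results | Where-Object { -not $_.Trusted })
if ($failed.Count -gt 0) { exit 1 }
```

Matching on a subject substring alone is weak, because any certificate whose subject contains the string passes; pinning the thumbprint closes that gap.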
Using VCM to Manage Machines
After you install VCM, always use VCM to manage the machines in your security environment, which
includes installing and running the Agent on those machines. Do not allow unmanaged machines to run in
the security environment and affect the operation and security of other machines.
Machine Groups
In the security environment, use the machine group feature of VCM to organize and control the
configuration of systems. Machine groups make it easy to apply and synchronize security and hardening
settings across multiple systems.
VMware, Inc.