Installation guide
Public Access Points
Do not run the VCM user interface from public systems or from public Internet access points like kiosks or
Internet cafés.
Network traffic between the VCM user interface and VCM Web server is encrypted and mutually
authenticated. In spite of the safeguards, running VCM across the open Internet suggests that the VCM
user interface system is also being used for general Internet browsing and purposes other than
configuration management.
In particular, do not run the VCM user interface from public access points like kiosks or Internet cafés.
These locations expose the VCM user interface to threats and malicious attacks that circumvent secure
networking traffic by infecting the VCM user interface system itself.
Run the VCM user interface only on systems that are directly connected to your company network.
Cross-site Scripting
Cross-site scripting (XSS) allows an infected Web site to attack a Web application by injecting commands
into the Web application. The opportunity occurs when you temporarily browse to the infected site while
you are still logged in to the Web application. The malicious site typically adds hidden scripting and styles
that silently invoke actions in the application login session.
As a VCM user, minimize the risk of cross-site scripting attacks by taking these precautions:
- Add the VCM Web server to the Internet Explorer trusted zone.
- Never place untrusted machines in the trusted zone.
- Do not allow links into the trusted zone.
- Evaluate "enter trusted zone" and "exit trusted zone" messages from Internet Explorer.
- Do not open external links that claim to be pointing to the VCM user interface.
- Set Internet Explorer to transmit Windows login credentials.
- Avoid direct VCM logins in favor of using the Windows login credentials.
- Treat non-Windows login prompts with skepticism.
- Do not use VCM while browsing the Internet in other browser windows or tabs.
Internet Explorer Trusted Zone
By using the Internet Explorer trusted zone, you can identify reputable sites that you visit regularly,
including the VCM user interface.
Adding the VCM Web Server
Add the VCM Web server to the Internet Explorer trusted zone. When you place the Web server in the
trusted zone, Internet Explorer can delegate the VCM user's Windows credentials to the Web service for
use with SQL Server when running in a split installation configuration. This setup is a requirement for
proper SQL Server preparation in split installations.
When you place the Web server in the trusted zone, users also can disable navigation into the trusted zone
from less privileged Internet Explorer zones, which reduces the exposure to cross-site scripting attacks and
makes some attacks more detectable.
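The following PowerShell audit is an added example, not part of the VMware guide: it checks the current user's Trusted sites zone (zone 2) against the precautions above. The host name `vcm.corp.example` is a hypothetical placeholder, and mapping the guide's settings to URL actions 2101 (navigation from less privileged zones) and 1A00 (logon) is an assumption made for this example.

```powershell
# Added example: audit the current user's IE Trusted sites zone (zone 2).
# $VcmHost is a hypothetical placeholder; pass your own VCM Web server name.
param([string]$VcmHost = 'vcm.corp.example')

$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zone2 = Join-Path $inet 'Zones\2'
$maps  = Join-Path $inet 'ZoneMap\Domains'

# Return every host mapped to zone 2, walking domain and subdomain keys.
function Get-TrustedSite {
    if (-not (Test-Path $maps)) { return }
    Get-ChildItem $maps -Recurse | ForEach-Object {
        $key = $_
        foreach ($proto in $key.GetValueNames()) {
            if ($key.GetValue($proto) -eq 2) {
                # Key path ends in Domains\<domain>\<sub>; rebuild sub.domain
                $tail  = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8)
                $parts = $tail.Split('\')
                [array]::Reverse($parts)
                [pscustomobject]@{ Host = ($parts -join '.'); Protocol = $proto }
            }
        }
    }
}

$sites = @(Get-TrustedSite)
$props = Get-ItemProperty -Path $zone2 -ErrorAction SilentlyContinue

$report = [ordered]@{
    # Exact host match only; wildcard domain entries show up in the review list
    VcmServerInTrustedZone    = [bool]($sites | Where-Object { $_.Host -eq $VcmHost })
    # 2101: sites in less privileged zones can navigate into this zone; 3 = Disable
    NavigationIntoZoneBlocked = ($props.'2101' -eq 3)
    # 1A00: logon; 0 = automatic logon with current user name and password
    WindowsCredentialsSent    = ($props.'1A00' -eq 0)
}
$report.GetEnumerator() | ForEach-Object { '{0,-28} {1}' -f $_.Key, $_.Value }

# Anything else in the trusted zone deserves a manual review.
'Other trusted-zone entries to review:'
$sites | Where-Object { $_.Host -ne $VcmHost } | Format-Table -AutoSize
```

The script reads only per-user settings under HKCU; where Group Policy manages the zones, the effective values live under the Policies keys and should be checked there instead.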
VCM User Interface System
VMware, Inc.