Manualshelf

Installation guide

ManualsBrandsVMware ManualsOtherVCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
41424344454647484950
NOTE Initially, Internet Explorer asks you to review the details of self-signed certificates. It treats self-
signed certificates as suspicious until you add them to the trusted store.
Trusted SSL certificates are those that are issued by members of the Microsoft Root Certificate Program,
listed on the Microsoft Web site.
VMware Software Publisher Certificate
Some components of the VCM user interface that are downloaded to the browser as ClickOnce
deployments are signed by the VMware Software Publisher Certificate. When you activate these
components in the interface, Internet Explorer prompts you about trusting the software publisher
certificate and adding it to the trusted store.
Before adding it to the trusted store, verify that the certificate is authentic and authorized by clicking the
Details tab of the dialog box and verifying the information with VMware.
FIPS Cryptographic Service Providers
Most government and financial organizations require the use of FIPS cryptography. FIPS is also part of the
VCM Common Criteria Security Target. All cryptographic service providers (CSPs) installed in the zone
should be FIPS 140-validated.
The Microsoft CSPs that ship with Windows 2000, 2003, XP, Vista, Windows 7, and Server 2008 meet the
FIPS 140–2 standard. Do not delete, replace, or supplement these packages with non-FIPS cryptography.
All systems in this zone are Microsoft Windows-based. To view the list of installed cryptography
providers, run the following command:
C:\> certutil -csplist
Check your list against the National Institute of Standards and Technology (NIST) Computer Security
Resource Center (CSRC) Web site to verify that your modules are FIPS 140-validated.
Running Anti-virus and Anti-rootkit Tools
Systems on which you run the VCM user interface receive credentials and issue actions that affect
managed machines and the VCM configuration itself. As such, a virus or rootkit infection of a user
interface system is a serious threat to the confidentiality of the credentials used by VCM and of the
integrity of user interface actions.
You must run virus and rootkit detection software. In addition, run the Microsoft malicious software
detection tool on a routine basis. You can download the malicious software detection tool from the
Microsoft Web site.
VCM User Interface System
VMware, Inc.
43