Installation guide
Contents
VMware Software Publisher Certificate 43
FIPS Cryptographic Service Providers 43
Running Anti-virus and Anti-rootkit Tools 43
Software Provisioning Components 45
Separating and Securing the Software Provisioning Zone 46
Software Publishers and Software Signing 46
Protection of Repositories 46
Connecting to Repositories 46
Software Provisioning Credentials 47
Operating System Provisioning Components 49
Separating and Securing the OS Provisioning Zone 50
Dedicating a Server to Operating System Provisioning 50
Closing Unnecessary Ports 50
Protection of Baseline OS Images 50
OS Provisioning Credentials 50
Decommissioning 53
Erasing versus Deleting 53
Confidential Data to Remove 53
Distinct Collector and Agent Keys 53
Enterprise Certificate Key and Web Server Keys 54
Removal of Agent Keys at Uninstallation 54
Network Authority Accounts 54
Erasing Server Disks 54
Erasing Virtual Machines 54
Authentication 57
Transport Layer Security 57
Server Authentication 57
Mutual Authentication 57
Keys and Certificates 57
Using Single or Paired Keys 58
Certificates 58
Public Key Infrastructure 58
Trust Chains 58
Certificate Expiration and Revocation 59
Certificate Standards 59
Certificate Storage 59
How VCM Uses Certificates 59
Enterprise Certificate 60
Collector Certificate 61
Agent Certificates 62
Installing Certificates for the VCM Collector 63
Installing Certificates on the First Collector 63
Certificates for Additional Collectors 64
Changing Certificates 64
Renewing Certificates 64
Replacing Certificates 65
Delivering Initial Certificates to Agents 66
Installing the Agent 66
Changing the Communication Protocol 67
Storing and Transporting Certificates 68
Access the Windows Certificate Store 68
Export a Certificate on Windows 68
Import a Certificate on Windows 69
VMware, Inc.
5