Installation guide
Introduction to VCM Security
1
Introduction to VCM Security
To understand VCM security requirements, familiarize yourself with the overall security environment,
VCM components, VCM personnel roles, and trust zones.
VCM Security Environment
VCM operates in the context of a security environment, which involves system configuration, personnel
and usage assumptions, organizational security policies, and best practices. Security requirements are met
either by controls built into VCM that leverage the security environment or by controls built into the
environment itself. When a security requirement is not met, the confidentiality, integrity, or availability of
information assets that flow through the deficient system are at risk.
A healthy security environment assumes or provides certain guarantees:
n
Trust in, and training for, your authorized VCM users
n
Protection of VCM installation kits from tampering
n
Protection of current VCM systems from access by unauthorized users
n
Proper decommissioning of outgoing VCM systems
To establish proper security, you must prepare and apply security requirements across the following
equipment:
n
The server that acts as the VCM Collector
n
The VCM SQL Server and database system
n
The VCM Web server
n
The VCM user interface Web browser
n
Systems on which the VCM Agent runs
n
The domain, its supporting infrastructure, and user accounts
VCM Components
VCM is a distributed application with several physical and conceptual components:
VMware, Inc.
9