5.8
Table Of Contents
- VMware vRealize Configuration Manager Security Guide
- Contents
- About This Book
- Introduction to VCM Security
- Domain Infrastructure
- VCM Installation Kits
- Server Zone Security
- VCM Collector Server
- SQL Server
- Web Server
- VCM Agent Systems and Managed Machines
- VCM User Interface System
- Decommissioning
- Authentication
- Transport Layer Security
- Keys and Certificates
- How VCM Uses Certificates
- Installing Certificates for the VCM Collector
- Changing Certificates
- Delivering Initial Certificates to Agents
- Storing and Transporting Certificates
- Mark a Certificate as Authorized on Windows
- Creating Certificates Using Makecert
- Update the Collector Certificate Thumbprint in the VCM Database
- Managing the VCM UNIX Agent Certificate Store
- Supplemental References
- Index
Contents
HTTPS Certificate 42
VMware Software Publisher Certificate 43
FIPS Cryptographic Service Providers 43
Running Anti-virus and Anti-rootkit Tools 43
Decommissioning 45
Erasing versus Deleting 45
Confidential Data to Remove 45
Distinct Collector and Agent Keys 45
Enterprise Certificate Key and Web Server Keys 46
Removal of Agent Keys at Uninstallation 46
Network Authority Accounts 46
Erasing Server Disks 46
Erasing Virtual Machines 46
Authentication 49
Transport Layer Security 49
Server Authentication 49
Mutual Authentication 49
Keys and Certificates 49
Using Single or Paired Keys 50
Certificates 50
Public Key Infrastructure 50
Trust Chains 50
Certificate Expiration and Revocation 51
Certificate Standards 51
Certificate Storage 51
How VCM Uses Certificates 51
Enterprise Certificate 52
Collector Certificate 53
Agent Certificates 54
Installing Certificates for the VCM Collector 55
Installing Certificates on the First Collector 55
Certificates for Additional Collectors 56
Changing Certificates 56
Renewing Certificates 56
Replacing Certificates 57
Delivering Initial Certificates to Agents 58
Installing the Agent 58
Changing the Communication Protocol 59
Storing and Transporting Certificates 60
Access the Windows Certificate Store 60
Export a Certificate on Windows 60
Import a Certificate on Windows 61
Mark a Certificate as Authorized on Windows 61
Creating Certificates Using Makecert 62
Create the Enterprise Certificate and First Collector Certificate 63
Create Certificates for Additional Collectors 63
Importing Certificates for Additional Collectors 64
Makecert Options 64
Update the Collector Certificate Thumbprint in the VCM Database 66
Managing the VCM UNIX Agent Certificate Store 67
Using CSI_ManageCertificateStore 67
Supplemental References 73
Cryptography 73
FIPS for Windows 73
VMware, Inc.