5.8
Table Of Contents
- VMware vRealize Configuration Manager Security Guide
- Contents
- About This Book
- Introduction to VCM Security
- Domain Infrastructure
- VCM Installation Kits
- Server Zone Security
- VCM Collector Server
- SQL Server
- Web Server
- VCM Agent Systems and Managed Machines
- VCM User Interface System
- Decommissioning
- Authentication
- Transport Layer Security
- Keys and Certificates
- How VCM Uses Certificates
- Installing Certificates for the VCM Collector
- Changing Certificates
- Delivering Initial Certificates to Agents
- Storing and Transporting Certificates
- Mark a Certificate as Authorized on Windows
- Creating Certificates Using Makecert
- Update the Collector Certificate Thumbprint in the VCM Database
- Managing the VCM UNIX Agent Certificate Store
- Supplemental References
- Index
Index
A
access 35
UI zone machines 39
accounts
domain 40
granted 17
agent
certificate 51, 54
install 58
installation 33
manual installation 59
one per machine 35
provisioning installation 59
UNIX certificate store 67
UNIX/Linux installation 59
zone 12
agent proxy
FIPS 75
asset classes 33
attacks
cross-site 41
cross-site scripting 41
authentication
server 49
authorized certificate 54, 61, 68
B
backups 23
best practices
firewalls 27
patching 27
physical security 27
service packs 27
SQL Server configuration 27
blocks
TCP and UDP ports 29
browser-based login 40
C
CAPP 22, 39
validated OS 22
certificate
agent 51, 54
authorized 54, 61, 68
collector 51, 53, 55
enterprise 36, 51
expiration 51, 56
export 60
import 61
key 45-46
renewal 56
replacement 57
store 36, 51, 67
UNIX agent store 67
Index
VMware, Inc.
79
classes of assets 33
ClickOnce software 20
collection
collector service 34
results 37
collector certificate 51, 53, 55
command line environment
certificate store 67
Common Criteria 22
confidential data 17
configuration files 35
control
access 35
tampering 34
controller, domain 15
cross-site scripting 41
D
data
confidential 17
source integrity 37
storage not public 17
trusted 36
decommission 45
dedicated
server zone machine 23
delegation with split installation 28
direct login 40
document root
require HTTPS 32
domain
account 40
controller 15
infrastructure 15
E
encryption algorithms 50
enhanced key usage extension 51
enterprise certificate 36, 51
expiration, certificate 51, 56
export, certificate 60
extensions
enhanced key usage 51
F
FIPS
agent proxy 75
Windows hardware 73
Foundation Checker 23
H
hardware
FIPS 73
host
decommission 45
security 16