5.8
Table Of Contents
- VMware vRealize Configuration Manager Security Guide
- Contents
- About This Book
- Introduction to VCM Security
- Domain Infrastructure
- VCM Installation Kits
- Server Zone Security
- VCM Collector Server
- SQL Server
- Web Server
- VCM Agent Systems and Managed Machines
- VCM User Interface System
- Decommissioning
- Authentication
- Transport Layer Security
- Keys and Certificates
- How VCM Uses Certificates
- Installing Certificates for the VCM Collector
- Changing Certificates
- Delivering Initial Certificates to Agents
- Storing and Transporting Certificates
- Mark a Certificate as Authorized on Windows
- Creating Certificates Using Makecert
- Update the Collector Certificate Thumbprint in the VCM Database
- Managing the VCM UNIX Agent Certificate Store
- Supplemental References
- Index
trusted zone 41
HTTPS
secure connections 32
I
IE trusted zone
untrusted machines 41
Web host 41
IIS
metabase property, string 31
import, certificate 61
infrastructure
zone 12
installation
after system checks 23
agent 59
Agent 33
kits 19
kits, protected 19
single-server 28
single server 11
split configuration 28
M
machine configuration
access control 35
machines
dedicated server zone 23
untrusted, remove 41
maintenance 23
Makecert certificate tool 62, 64
management
certificate store output 69
UNIX agent certificate store 67
UNIX certificate store 67
MMC Certificates snap-in 46
N
network authority
unused accounts 46
network infrastructure
hosts 16
services 16
O
output, certificate store 69
P
patches 23
private
key erasure 46
unauthorized agents 35
protection
installation kits 19
SQLServer 29
unauthorized modification 35
Web browser 39
protocols
changing 59
public key infrastructure 50
R
remote
agent 20
client 20
renewal, certificate 56
replacement, certificate 57
risk
cross-site scripting 41
S
security
hosts 16
managed machines 36
servers 22
trusted data 36
server
authentication 49
security 22
server zone
external connection protection 29
machine 23
managed machines 23
trusted software 23, 42
services
network infrastructure 16
software
ClickOnce 20
unknown publisher 20
split installation 28
trusted zone 41
SSRS reports
require HTTPS 32
standards
certificates 51
store
certificate 36, 51, 67
system checks 23
system configuration files 35
T
tamper controls 34
TCP port block 29
TLS
Makecert certificate tool 62, 64
trusted
data 36
software 23, 42
zone, Web host 41
trusted zone security
customization 33
U
UDP port block 29
UI zone 12
machines 39
managed machines 23
trusted software 23, 42
unauthorized, private agents 35
UNIX agent
certificate store 67
UNIX agent certificate store 67
untrusted
machines, remove 41
publisher 20
unused network authority account 46
upgrade
Remote Client 20
80
VMware, Inc.
VCM Security Guide