VMware VCM 5.3 - CONFIGURATION MANAGER SECURITY ENVIRONMENT REQUIREMENTS Configuration

vCenter Configuration Manager
Security Environment Requirements
VMware VCM 5.3
WHITE PAPER
Summary of Contents for VMware VCM 5.3 - CONFIGURATION MANAGER SECURITY ENVIRONMENT REQUIREMENTS

  • Page 1 Configuration Manager Security Environment Requirements VMware VCM 5.3 WHITE PAPER...
  • Page 2: Table Of Contents

    Table of Contents

    1.0 Introduction to The Security Environment of VCM
    2.0 Background Concepts
    3.0 Secure Domain Infrastructure
    3.1 Domain controller is trusted
    3.2 Network infrastructure is secure
    3.3 Network infrastructure services are available
    3.4 'Trusted' certificates, certificate authorities, and certificate servers are trusted
    3.5 Network infrastructure hosts are at least as secure as VCM
    4.0 Hosting Environment...
  • Page 3

    7.1 VCM installation kits are obtained from VMware or secure sources
    7.2 VCM installation kits are protected from tampering or verified
    7.3 Unknown software publisher warnings during ClickOnce installations are not dismissed unless the publisher is VMware
    7.4 Automatic upgrade of the VCM Remote Client is not used to install software...
  • Page 4

    12.3 Accept only reputable software package publishers
    12.4 Configure only trusted sources over secure channels
    12.5 Take precautions when using VCM Software Provisioning Extensions
    13.0 Proper Decommissioning
    13.1 An installation of VCM is properly decommissioned before its hardware is repurposed or retired
    13.2 Collector and Agent private keys used for TLS are not copied between machines
    13.3 Enterprise certificate private key and IIS (for HTTPS) host private keys are transferred manually...
  • Page 5: Introduction To The Security Environment Of VCM

    1.0 Introduction to The Security Environment of VCM

    VCM operates within the context of a security environment. This environment consists of host configuration, various personnel and usage assumptions, organizational security policies, configuration settings, and best practices. Ultimately all security requirements are met either by controls built into VCM that leverage the environment, or by controls built into the environment itself.
  • Page 6: Background Concepts

    Agents that inspect managed machines and return results in response to requests. In some installations there are also optional ancillary components such as an Agent proxy that works with VMware ESX, ESXi, and vSphere servers, an orchestration host that coordinates with service desk applications such as Remedy, VCM Remote service, Software Provisioning components, and alternate source file servers that store VCM installation kits and VCM Patching patches.
  • Page 7 SQL Server is installed on a database host separate from the Collector host. However, VMware strongly recommends that you select the default, single machine installation type because it will be the simplest to administer in the future. A split installation across two machines should be used only when required by your organization’s policy.
  • Page 8

    Infrastructure: Consists of domain controllers (DCs), routers, SMTP, DNS, and other infrastructural items.
    User Interface (UI): Consists of VCM user desktops.
    Server: Consists of the Collector service, VCM Remote service, IIS, web application, SQL Server, Orchestrator, and Agent proxy.
  • Page 9: Secure Domain Infrastructure

    3.0 Secure Domain Infrastructure

    VCM security environment requirements are divided into categories for the domain and infrastructure, hosting environment, personnel, host preparation, safeguarding installation kits, login roles, IIS preparation, SQL Server preparation, web browser preparation, Agent installation and maintenance, Software Provisioning, and proper decommissioning.
  • Page 10: Network Infrastructure Hosts Are At Least As Secure As VCM

    A certificate in a 'trusted' store is in fact trusted
    Certificate authorities issuing certificates in a trusted store are trusted
    Certificate services managing certificates in a trusted certificate store and the associated renewals and certificate revocation lists are trusted

    In particular, certificates that exist in the trusted store that were not issued in conjunction with VCM are still trusted by VCM.
  • Page 11: Hosting Environment

    4.0 Hosting Environment

    This section describes the security environment that must be maintained on the hosts onto which components of VCM are installed.

    4.1 VCM servers are secured and managed like network infrastructure

    VCM servers are hosts in the server zone. These hosts store and manipulate collected data and change requests for every managed machine.
  • Page 12: Data Originating From A Managed Machine Is No More Trustworthy Than The Machine

    Run operating systems that meet the CAPP
    Be patched to the latest security level
    Run anti-virus software

    4.3 Data originating from a managed machine is no more trustworthy than the machine

    Managed machines have no prerequisite security requirements. Instead, the security of each machine determines the degree to which data originating from that machine can be trusted.
  • Page 13: Personnel Selection And Training

    5.0 Personnel Selection and Training

    5.1 VCM accounts are granted to users who are trusted, trained, and qualified as system and network administrators

    VCM is an Enterprise-wide configuration management and compliance tool. It is unsurpassed in its ability to collect, correlate and change system data on managed machines in the enterprise.
  • Page 14: Beware Of Cross-Site Scripting Attacks

    5.5 Beware of cross-site scripting attacks

    Cross site scripting (XSS) allows an infected web site to attack a web application by injecting commands into the web application when the user temporarily browses to the infected site while still logged in to the web application. The malicious site returns hidden script and styles that invoke actions in the login session behind the user's back.
  • Page 15: Host Preparation And Management

    6.0 Host Preparation and Management

    VCM relies on certain host services for correct operation. This section documents the services that impact VCM's ability to operate securely, and to preserve the confidentiality, integrity, and availability of data. Hosts in different zones have different requirements, as summarized in the following table:

    Host Zones and Requirements
    Requirement/Zone...
  • Page 16: SQL Server Best Practices Are Followed

    6.4 Only trusted software should be installed in the server zone

    Even if server zone hosts are dedicated to running VCM, extra software packages beyond those provided by VMware or Microsoft are likely to be needed. Only trusted software should be installed, preferably software accompanied and verified by a software publisher certificate.
  • Page 17: Safeguarding Installation Kits

    7.1 VCM installation kits are obtained from VMware or secure sources

    Secure operation of VCM requires that the product's software be untampered with and intact as delivered by VMware. VMware ships VCM and add-on products on CD/DVD in packages signed by the VMware Software Publisher Certificate.
  • Page 18: Unknown Software Publisher Warnings During ClickOnce Installations Are Not Dismissed Unless The Publisher Is VMware

    (one whose Software Publisher Certificate is not in the trusted software publisher's certificate store). Despite the warning, the user can still choose to allow the software installation. However, this should not be done unless the software publisher is VMware. VMware software is identifiable as signed with the VMware Software Publisher Certificate.
  • Page 19: IIS Preparation

    8.0 IIS Preparation

    VCM IIS web service and virtual directories should be properly prepared as described in the following sections.

    8.1 IIS set to use Windows integrated authentication for the VCM Web site root

    The interface to the VCM console is through a thin browser-based interface to an IIS served web application located at the /VCM virtual directory.
  • Page 20: SQL Server Preparation

    SQL Server database runs on a different host than that of the Collector and web services. This split configuration is available from VMware support. When using the split configuration, the web service can either use a private login to the SQL Server or the system can be configured to delegate the VCM user's credentials to the web service for use with SQL Server.
  • Page 21: Web Browser Preparation

    SPC. When this occurs, VCM users should verify the certificate is authentic and authorized by clicking the 'Details' tab of the dialog and verifying the information with VMware. The VMware Software Publisher Certificate is available at http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vcenter_configuration_manager/5_0.
  • Page 22: Customize Internet Explorer's Trusted Zone Internet Security Options

    10.5 Customize Internet Explorer's trusted zone Internet security options

    Enable Automatic logon with current username and password
    Disable Navigate subframes across different domains
    Disable Web sites in less privileged web content zone can navigate into this zone
    Disable Display mixed content

    Allowing Automatic logon enables IE to transfer credentials to machines in the trusted zone without user interaction.
  • Page 23: Agent Installation And Maintenance

    The Agent's executable code consists of the programs and libraries shipped in the VCM Agent installation kit. These kits and updates are signed by the VMware software publisher certificate described previously. The machine configuration is the local settings that activate the VCM Agent, grant it execution and data storage rights, and allow it to utilize infrastructure services like networking and DNS.
  • Page 24: The Trusted Certificate Store Contains Reputable Certificates

    11.4 The Trusted Certificate Store contains reputable certificates

    The Agent validates up to two certificates while authenticating and authorizing a collector: a root certificate and an Enterprise certificate. The VCM installation allows the customer to either create a single self-signed certificate to serve as both root and Enterprise certificate, or to use a root certificate from an external public key infrastructure.
  • Page 25: Software Provisioning Components

    12.0 Software Provisioning Components

    The VCM Software Provisioning components consist of Package Studio, Package Manager, and software package repositories.

    Figure 1: Software Provisioning components with respect to VCM trust zones.

    A software package provides the files and scripts necessary to install and remove programs. VCM Software Provisioning components support software installed using numerous installation technologies including .msi, and .exe packages.
  • Page 26: All Published Packages Are Signed By Trusted Parties

    Hosting Environment on page

    12.3 Accept only reputable software package publishers

    VMware packages are signed by the VMware Software Publisher Certificate verifiable by Verisign. This certificate is available for download from: http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vcenter_configuration_manager/5_0

    Customer packages (or re-packaging of VMware Software) should be signed by the SPCs of other reputable publishers and be verifiable by Package Manager at package installation time.
  • Page 27

    If the managed machine or its local administrator is untrustworthy, there is a risk of loss of confidentiality of the network authority credentials during a software provisioning operation. This risk can be mitigated in several ways: 1.
  • Page 28: Proper Decommissioning

    (a configuration that is not supported). VMware recommends you generate a distinct public/private key pair for each collector during the installation process. If TLS Mutual Authentication is being used, a distinct key pair should also be created for each Agent when the Agent kit is installed.
  • Page 29: Enterprise Certificate Private Key And IIS (For HTTPS) Host Private Keys Are Transferred Manually

    13.3 Enterprise certificate private key and IIS (for HTTPS) host private keys are transferred manually

    If the Enterprise Certificate server is a Collector host being decommissioned, the private key must be transferred by exporting it using the MMC Certificate snap-in.
  • Page 30: References

    References

    Certificate Stores: http://technet.microsoft.com/en-us/library/cc757138(WS.10).aspx
    Controlled Access Protection Profile: http://www.niap-ccevs.org/cc-scheme/pp/pp.cfm/id/PP_OS_CA_V1.d
    Validated Products List: http://www.niap-ccevs.org/cc-scheme/vpl/
    Products and Protection Profiles in Evaluation: http://www.niap-ccevs.org/in_evaluation/
    National Institute of Standards and Technology Computer Security Resource Center: http://csrc.nist.gov/cryptval
    SQL Server 2005 Security Best Practices: http://download.microsoft.com/download/8/5/e/85eea4fa-b3bb-4426-97d0-7f7151b2011c/SQL2005SecBestPract.doc
    Certificate Verification Tool (Chktrust.exe):...
  • Page 31

    SQL Server 2008 Best Practices Analyzer Tool: http://www.microsoft.com/downloads/details.aspx?FamilyID=0fd439d7-4bff-4df7-a52f-9a1be8725591&displaylang=en
    SQL Server 2005 Security Best Practices: http://download.microsoft.com/download/8/5/e/85eea4fa-b3bb-4426-97d0-7f7151b2011c/SQL2005SecBestPract.doc
    Security Considerations for a SQL Server Installation: http://msdn.microsoft.com/en-us/library/ms144228.aspx
    SDelete v1.51: http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx
  • Page 32 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc., in the United States and/or other jurisdictions.
