Table of Contents
Advertisement
4.0 Hosting Environment
This section describes the security environment that must be maintained on the hosts onto which components of VCM
are installed.
4.1 VCM servers are secured and managed like network infrastructure
VCM servers are hosts in the server zone. These hosts store and manipulate collected data and change requests for
every managed machine.
As such, these servers should adhere to the following requirements:
Servers should not be open to general users.
l
Servers should be protected from the open Internet by firewalls.
l
Servers should be completely trusted by managed machine administrators.
l
Operating systems on these servers should be updated to the most recent current patch level.
l
Servers should be backed-up on a routine basis.
l
Each server should be running an operating system with mandatory user logins enabled.
l
If infrastructure hosts like domain controllers are managed by VCM, hosts in the server zone should be treated and
managed with measures consistent with those used for the infrastructure.
Each VCM server should also be running an operating system that conforms to the Common Criteria Controlled
Access Protection Profile (CAPP)
Access to the host is protected by a certified authentication process
l
User data is protected from other users
l
Security functions of the operating system are protected from unauthorized changes
l
Windows 2000, 2003, XP, and Vista, 2003 Server, and 2008 Server conform to the CAPP
2008 Server R2 are in evaluation as of November 2009.
4.2 UI Zone machines should be subject to access controls
The hosting environment for machines in the UI zone is less stringent than in the server zone. UI machines do not
need to be protected by firewalls or isolated from the Internet. However these machines should still:
vCenter Configuration Manager Security Environment Requirements
2
. The CAPP ensures that:
4
3
. Windows 7 and Windows
TECHNICAL WHITE PAPER / 11
Advertisement
Table of Contents
