Host Preparation And Management; Vcm Hosts Pass Foundation Checker Checks; Cryptographic Service Providers Are Fips-140 Certified - VMware VCM 5.3 - CONFIGURATION MANAGER SECURITY ENVIRONMENT REQUIREMENTS Configuration

6.0 Host Preparation and Management

VCM relies on certain host services for correct operation. This section documents the services that impact VCM's
ability to operate securely, and to preserve the confidentiality, integrity, and availability of data. Hosts in different
zones have different requirements, as summarized in the following table:
Requirement/Zone
Cryptographic service providers are
FIPS-140 certified
SQL best practices are followed
(including use of firewall)
Only trusted software should be
installed in the server zone
Perform routine backups, patches,
and virus scanning

6.1 VCM hosts pass Foundation Checker checks

Before installing VCM, the VCM Foundation Checker should be run to ensure the host configuration is compatible with
VCM. Do not install VCM on platforms failing the foundation checking.

6.2 Cryptographic service providers are FIPS-140 certified

All cryptographic service providers (CSPs) installed on machines in the server zone should be FIPS 140-certified. The
use of FIPS cryptography is required by most government and financial organizations, and is part of the VCM
Common Criteria Security Target. The Microsoft CSPs shipped with Windows 2000, 2003, XP, Vista, Windows 7, and
2008 Server meet FIPS 140-2. The assumption is that these packages have not been deleted, replaced or
supplemented with non-FIPS cryptography. Since all server zone hosts are Microsoft Windows-based, you can view
the list of installed crypto providers by using 'certutil -csplist'. To verify that a module is FIPS 140-certified, check the
list at the National Institute of Standards and Technology Computer Security Resource Center.
vCenter Configuration Manager Security Environment Requirements
Host Zones and Requirements
Infrastructure
X
X
Server UI
X
X
X X
X X
5
TECHNICAL WHITE PAPER / 15
Agent
X