Sql Server Best Practices Are Followed; Only Trusted Software Should Be Installed In The Server Zone; Perform Routine Backups, Patches, And Virus Scanning - VMware VCM 5.3 - CONFIGURATION MANAGER SECURITY ENVIRONMENT REQUIREMENTS Configuration

vCenter Configuration Manager Security Environment Requirements

6.3 SQL Server best practices are followed

Direct login to the VCM SQL Server database bypasses the UI and its administrative controls. VMware recommends
using a host or network firewall to prevent direct SQL Server login. In addition, customers should follow the SQL
Server Security Best Practices when configuring the database instance that will store VCM data. These are available
6
in the SQL Server 2005 SP3 Security Features and Best Practices.

6.4 Only trusted software should be installed in the server zone

Even if server zone hosts are dedicated to running VCM, extra software packages beyond those provided by VMware
or Microsoft are likely to be needed. Only trusted software should be installed, preferably software accompanied and
verified by a software publisher certificate. It is unsafe to use software of unaccountable origin on machines in the
VCM server and UI zones.

6.5 Perform routine backups, patches, and virus scanning

Routine host maintenance functions like backups, patches, and virus scanning should be performed on VCM hosts.
Since UI and server zone hosts can also be managed machines, VCM itself provides the means for performing these
functions.
TECHNICAL WHITE PAPER / 16