The Trusted Certificate Store Contains Reputable Certificates; The Enterprise Certificate Authorized Collection; Unauthorized (Private) Agents Are Not Allowed; Continuous Possession And Control Of The Agent - VMware VCM 5.3 - CONFIGURATION MANAGER SECURITY ENVIRONMENT REQUIREMENTS Configuration
Vcenter configuration manager security environment requirements
Table of Contents
Advertisement
vCenter Configuration Manager Security Environment Requirements
11.4 The Trusted Certificate Store contains reputable certificates
The Agent validates up to two certificates while authenticating and authorizing a collector: a root certificate and an
Enterprise certificate. The VCM installation allows the customer to either create a single self-signed certificate to
serve as both root and Enterprise certificate, or to use a root certificate from an external public key infrastructure. In
either case, the root certificate is stored in the managed machine's trusted certificate store. A certificate, whether used
by VCM or not, must not be placed in that store unless it originates from an accountable certificate authority.
Presumably, a self-signed certificate is trustworthy. The reputability of other certificates can be established by
verifying the issuer's membership in the Microsoft Root Certificate authority program. The current membership is
listed at Windows Root Certificate Program Members http://support.microsoft.com/kb/931125.
Information about the admission criteria can be found at: Microsoft Root Certificate Program
http://technet.microsoft.com/en-us/library/cc751157.aspx.
11.5 The enterprise certificate authorized collection
The Agent sends collection results only to authorized collectors. A collector is authorized if its certificate is signed by
the Enterprise certificate authority. The initial Enterprise certificate is shipped with the Agent's installation kit,
however, this certificate can be replaced. An administrator must install an Enterprise certificate only if they authorize
every Collector certificate signed by that Enterprise certificate to access the collected data and effect change.
11.6 Unauthorized (private) Agents are not allowed
The managed machine administrator must not allow unauthorized Agents to execute, even if authentic. An Agent can
be installed using an authentic Agent installation kit, but not authorized to return data (for example, a non-
administrator's private Agent). As a guideline, only one Agent should be installed per managed machine, and it should
be the authorized Agent.
11.7 Continuous possession and control of the Agent
The administrator must main possession and control of the Agent host. Even if confidentiality is preserved, loss of
possession of an Agent is a threat. Continuous control of the managed machine must be maintained by physical
(possession, locks) or cryptographic (encrypted file system) means.
TECHNICAL WHITE PAPER / 24
Advertisement
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for VMware VCM 5.3 - CONFIGURATION MANAGER SECURITY ENVIRONMENT REQUIREMENTS
Related Products for VMware VCM 5.3 - CONFIGURATION MANAGER SECURITY ENVIRONMENT REQUIREMENTS
- VMWARE VCENTER CONFIGURATION MANAGER 5.3 - SOFTWARE CONTENT REPOSITORY TOOL GUIDE
- VMWARE VCENTER CONFIGURATION MANAGER 5.3 - VCENTER DISCOVERED MACHINES IMPORT TOOL GUIDE
- VMWARE VCENTER CONFIGURATION MANAGER 5.3 - SOFTWARE REQUIEREMENTS GUIDE
- VMWARE VCM 5.3 - RECOVERY GUIDE
- VMware VC-SRM4-A - vCenter Site Recovery Manager
- VMware VC-VLM4-C - vCenter Lab Manager
- VMWARE VCENTER SERVER 4.0 - UPGRADE GUIDE UPDATE 1
- VMWARE VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
Need help?
Do you have a question about the VCM 5.3 - CONFIGURATION MANAGER SECURITY ENVIRONMENT REQUIREMENTS and is the answer not in the manual?
Questions and answers