Enterprise Certificate Private Key And Iis (For Https) Host Private Keys Are Transferred Manually; Server Zone Hosts Have Their Disks Removed And Transferred, Secured, Or Erased Before Decommissioning; Agent Private Keys Are Erased At Agent Install; Unused Network Authority Accounts Are Disabled Or Removed - VMware VCM 5.3 - CONFIGURATION MANAGER SECURITY ENVIRONMENT REQUIREMENTS Configuration

vCenter Configuration Manager Security Environment Requirements
13.3 Enterprise certificate private key and IIS (for HTTPS) host private keys are transferred manually
If the Enterprise Certificate server is a Collector host being decommissioned, the private key must be transferred by
exporting it using the MMC Certificate snap-in. This should be done using Copy To File, selecting .pfx file format,
enabling strong protection, and selecting delete private key if export is successful. The resulting .pfx file can safely be
transported to the replacement machine over a network since the file is passphrase protected.
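
The MMC export steps above can also be scripted. The following PowerShell script is an added example, not part of the VMware white paper; it assumes PowerShell 5.1 with the PKI module, a certificate in the LocalMachine\My store whose key is marked exportable, and the hypothetical parameters `$Thumbprint` and `$PfxPath`.

```powershell
# Added example: scripted equivalent of MMC "Copy To File" (.pfx) with
# "delete the private key if the export is successful".
param(
    [Parameter(Mandatory)] [string] $Thumbprint,  # hypothetical: thumbprint of the certificate to move
    [Parameter(Mandatory)] [string] $PfxPath      # hypothetical: destination path for the .pfx file
)
$ErrorActionPreference = 'Stop'

$certPath = "Cert:\LocalMachine\My\$Thumbprint"
$cert = Get-Item -Path $certPath
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key in this store; nothing to transfer."
}

# Ask for the passphrase twice: after the original key is deleted, a mistyped
# passphrase would make the only remaining copy unusable.
$pass    = Read-Host -AsSecureString -Prompt 'PFX passphrase'
$confirm = Read-Host -AsSecureString -Prompt 'Confirm passphrase'
$p1 = [System.Net.NetworkCredential]::new('', $pass).Password
$p2 = [System.Net.NetworkCredential]::new('', $confirm).Password
$match = $p1 -ceq $p2
$p1 = $p2 = $null
if (-not $match) { throw 'Passphrases do not match; nothing was exported.' }

# Export-PfxCertificate fails (and the script stops) if the key is not exportable.
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $pass | Out-Null

# Verify the export before touching the original: the file must open with the
# passphrase and contain the same certificate.
$pfx = Get-PfxData -FilePath $PfxPath -Password $pass
if ($pfx.EndEntityCertificates.Thumbprint -notcontains $cert.Thumbprint) {
    throw 'Exported PFX does not contain the expected certificate; original left in place.'
}

# Only now remove the certificate and its private key from the old host.
Remove-Item -Path $certPath -DeleteKey

# Record the hash so the file can be checked on the replacement machine.
Get-FileHash -Path $PfxPath -Algorithm SHA256
```

The same `Remove-Item -DeleteKey` call on a `Cert:` path erases a certificate together with its private key, which is the operation section 13.5 performs with the MMC snap-in on Windows Agents.
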
13.4 Server zone hosts have their disks removed and transferred, secured, or erased before decommissioning
Server zone host disks contain data collected from and login credentials to managed machines. These disks should
not be discarded unless they are first sanitized by a disk erasure process like SDelete. Using these disks with a
replacement Collector is a safe alternative that also preserves the previous collection results.

13.5 Agent private keys are erased at Agent install

When an Agent is uninstalled, its private key should be erased unless it is to be used with an updated Agent on the
same host. On Windows Agents, the MMC Certificates snap-in can erase both a certificate and its private key.

13.6 Unused network authority accounts are disabled or removed

When Collectors or Agents are decommissioned, any special Network Authority accounts created specifically for the
defunct machine are no longer necessary. The need for these accounts is described in the VCM Installation and
Getting Started Guide. The accounts must be disabled or removed when no longer required. This is done from the
VCM Administration panel and from the domain controllers.