Browsed by
Category: Security

vSphere 6.5 – Secure Boot (ESXi and VMs)

vSphere 6.5 – Secure Boot (ESXi and VMs)

When new feature Secure Boot is enabled, the UEFI firmware validates the digitally signed kernel of an operating system against the digital certificate stored in the UEF firmware. For ESXi 6.5 this capability is further leveraged by the ESXi kernel, adding cryptographic assurance of ESXi components. ESXi is already made up of digitally signed packages, called VIB’s. (vSphere Installation Bundle) These packages are never broken open. At boot time the ESXi file system maps to the content of those packages….

Read More Read More

vSphere 6.5 – Encrypted vMotion

vSphere 6.5 – Encrypted vMotion

Another  good news is that You can encrypt the vMotion of any VM, encrypted or not – encrypted VM’s will always use encrypted vMotion : Disabled – do not use encrypted vMotion Opportunistic – use encrypted vMotion if source and destination hosts support it. Required -Allow only encrypted vMotion. Note !!!  Mixed cluster and you have a requirement of encrypted vMotion, then setting to “Required” will not let you vMotion to a host that doesn’t support it. (only vSphee ESXi 6.5…

Read More Read More

vSphere 6.5 – VM Encryption

vSphere 6.5 – VM Encryption

  Next new security  functionality in vSphere 6.5 – encryption is implemented via Storage Policies. If You add to the vm an encryption storage policy it will encrypt the disk. Key features: No modification within the Guest. VM Agnostic Guest OS DataStore HW Version Policy driven Encrypts both VMDK and VM files No access to encryption keys by the Guest Full support of vMotion Diagram below shows how it works:   Register a VM on a host and configure the (new…

Read More Read More

vSphere 6.5 – enhanced logging

vSphere 6.5 – enhanced logging

  vSphere 6.5 introduces audit logging, before vSphere 6.5  logs were more focused on finding root causes of a problem – not releate deep  to IT operations or security use cases. For example, if a virtual machine was reconfigured from one storage adapter to another in logs we would find only “Virtual Machine <name> reconfigured”.  But now logs which are coming from vCenter via Syslog will contain data from vCenter Events. These logs will clearly show “Before” and “After” setting…

Read More Read More

vSphere 6.5 Security Enhancements  

vSphere 6.5 Security Enhancements  

  In this article I will try to point most important security enhancements in recently released vSphere 6.5 platform.  As we can hear from “pre GA” sneak peek information VMware will build security in 3 areas: Secure access – logs monitoring and audit Secure infrastructure – hypervisor with minimal footprint = minimal attack surface and cryptographic option to provide SecureBoot Secure data – hypervisor-level encryption for VM data Let’s go deeper  into the  technology – below is a list of…

Read More Read More