Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Thursday, September 4, 2014
‘Unnamed VM’ could not initialize… The security ID structure is invalid (0x80070539)
Why does Grant-VMConnectAccess allow you to resolve this issue?
Excellent explanation is in this blog post.
Excellent explanation is in this blog post.
Wednesday, November 14, 2012
All VMware security guidelines in one place
Just for quick search :)
http://www.vmware.com/support/support-resources/hardening-guides.html
Update: vSphere 5.1 Hardening Guide Release Candidate has been announced
http://www.vmware.com/support/support-resources/hardening-guides.html
Update: vSphere 5.1 Hardening Guide Release Candidate has been announced
Tuesday, April 24, 2012
Interesting Virtual News and Posts - #3
virtuallyGhetto: vSphere Security Hardening Report Script for vSphere 5
William has upated his script that allows you to check your vSphere infrastructure hardening. It includes new requirements from vSphere 5.0 Security Hardening Guide (public draft).
Well, the fact of the publishing of public draft vSphere 5.0 Security Hardening Guide is interesting news also :)
Here is a document with changes between 4.1 and 5.0.
VMware ESXi 5 snapshot changes
Vmware View 5.1 Rumours: new version will be released on May 9th.
Creating and Reviewing Windows crash dumps in VMware virtual machines
RVTools is a windows .NET 2.0 application which uses the VI SDK to display information about your virtual machines and ESX hosts. Interacting with VirtualCenter 2.5, ESX Server 3.5, ESX Server 3i, ESX Server 4i, VirtualCenter 4.0, ESX Server 4.0, VirtualCenter 4.1, ESX Server 4.1, VirtualCenter 5.0, VirtualCenter Appliance or ESX Server 5 RVTools is able to list information about VMs, CPU, Memory, Disks, Partitions, Network, Floppy drives, CD drives, Snapshots, VMware tools, ESX hosts, HBAs, Nics, Switches, Ports, Distributed Switches, Distributed Ports, Service consoles, VM Kernels, Datastores and health checks. With RVTools you can disconnect the cd-rom or floppy drives from the virtual machines and RVTools is able to update the VMware Tools installed inside each virtual machine to the latest version.
William has upated his script that allows you to check your vSphere infrastructure hardening. It includes new requirements from vSphere 5.0 Security Hardening Guide (public draft).
Well, the fact of the publishing of public draft vSphere 5.0 Security Hardening Guide is interesting news also :)
Here is a document with changes between 4.1 and 5.0.
VMware ESXi 5 snapshot changes
Post describes some traits of ESXi 5 snapshots.
Instructions: how to create memory.dmp from from the running virtual machine with Windows
Monday, April 16, 2012
Interesting Virtual News and Posts - #2
Hotlink SuperVISOR – vCenter for Hyper-V, KVM, and XenServer
Hotlink announced a new version of its SuperVisor solution. Hotlink 1.5 allows you to manage vSphere, Microsoft Hyper-V, Red Hat KVM, and Citrix XenServer all from within you vCenter console. Additionally, Hotlink 1.5 adds the following extremely useful functinality:
- Snapshot Manager – Administrators can create, utilize, and manage cross-platform snapshots inside the VMware vCenter console – providing a single point of management for heterogeneous virtual machines
- Template Manager – Users are able to create and deploy a single template across all target hypervisors, eliminating the time-consuming and inefficient process of building and maintaining platform-specific virtual machine templates
- Homogenous Live Migration – VMware vCenter is now extended to provide live migration (e.g. vMotion) of Hyper-V, XenServer, and KVM virtual machines within homogeneous clusters – enabling the robust VMware management capabilities to be utilized for cross-platform, critical workloads
-----------------
The tool can convert VM’s and VMware Virtual Disks (VMDKs) from vSphere 4.1 and 5.0 to Windows Server 2008 R2 SP1 Hyper-V and Hyper-V Server 2008 R2 SP1, uninstalling the VMware tools and installing the Hyper-V integration services while converting. It also supports offline conversion from VMDK to the Microsoft VHD format.
-----------------
Extracting SSL Thumbprint from ESXi
-----------------
Extracting SSL Thumbprint from ESXi
3 methods to avoid mistakes during the inventory of SSL Thumbprints.
-----------------
VMware vSphere 5 Memory Management and Monitoring diagram
-----------------
VMware vSphere 5 Memory Management and Monitoring diagram
VMware published the VMware vSphere 5 Memory Management and Monitoring diagram that provides a comprehensive look into the ESXi memory management mechanisms and reclamation methods.
-----------------
vSphere Security Hardening Policy and SRM 5Post describes issue with Site Recovery Manager 5.0 that requires to have VIX API enabled on all virtual machines. But this option should be disabled according to the VMware Security Hardening Guide. The author has organized a survey to see whether it can be a problem for you.
-----------------
That's just funny (useful dialog in vCenter)
-----------------
vSphere Security Hardening Policy and SRM 5Post describes issue with Site Recovery Manager 5.0 that requires to have VIX API enabled on all virtual machines. But this option should be disabled according to the VMware Security Hardening Guide. The author has organized a survey to see whether it can be a problem for you.
-----------------
That's just funny (useful dialog in vCenter)
Tuesday, January 17, 2012
Free tool to check VMware ESX/ESXi compliance
I'm pleasure to announce that we have released new version of vGate Compliance Checker (update June 25 2015: now we have Russian version only).
Compliance checker is a free reporting tool that allows you to verify whether your virtual environment complies with industry standards for information security: PCI DSS 2.0, CIS VMware ESX Server Benchmark, VMware Security Hardening Best Practices.
It is distributed as a single executable – no installation or registration is required.
Supported VMware product versions:
VMware vSphere 4 (Update 2)
VMware vSphere 4.1 (ESX & ESXi)
VMware vSphere 5.0
Enjoy :)
Friday, June 3, 2011
Manage ESXi Lockdown Mode from DCUI
If your VMware ESXi 4.0 & 4.1 servers are joined in VMware vCenter Server infrastructure then you can enchance security for these hosts. Follow on VMware Security Hardening you need to enable Lockdown Mode to restrict root access (HCN02 requirement).
Lockdown mode forces all operations to be performed through vCenter Server (you can continue to use Direct Console User Interface aka DCUI to manage host).
VMware Security Hardening guide notes that lockdown mode can be enabled or disabled in two places:
• In the vSphere Client, when connected to the vCenter Server managing the host
• In the DCUI of the host
In ESXi 4.0:
To check if Lockdown mode is enabled, run the command:
vim-cmd -U dcui vimsvc/auth/admin_account_is_enabled
To disable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/admin_account_enable
To enable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/admin_account_disable
In ESXi 4.1:
To check if Lockdown mode is enabled, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_is_enabled
To disable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_mode_exit
To enable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_mode_enter
See VMware kb to more details
Lockdown mode forces all operations to be performed through vCenter Server (you can continue to use Direct Console User Interface aka DCUI to manage host).
VMware Security Hardening guide notes that lockdown mode can be enabled or disabled in two places:
• In the vSphere Client, when connected to the vCenter Server managing the host
• In the DCUI of the host
In ESXi 4.0:
To check if Lockdown mode is enabled, run the command:
vim-cmd -U dcui vimsvc/auth/admin_account_is_enabled
To disable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/admin_account_enable
To enable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/admin_account_disable
In ESXi 4.1:
To check if Lockdown mode is enabled, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_is_enabled
To disable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_mode_exit
To enable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_mode_enter
See VMware kb to more details
Subscribe to:
Posts (Atom)