Aug 19

The scenario is this: you want to create a host profile with vProfile and then have that profile applied to all new servers as they come online. We will use the VMware Host Hardening Guidelines as our example vProfile. We will schedule it for all the existing hosts and then reuse it for any new hosts that come online.

Let’s start by using the default ESX_DISA_SECURITY profile that ships with vProfile.

  1. Launch Configuration Management in the VMC.

  2. Select Host > Profiles.
    1. To bind a profile to a host, click Profiles.

    2. Select the desired profile.

    3. Now create the host binding.

written by Tommy Speigner

Jun 29

In my previous post I talked about what PVLANs are and how to create secured PVLANs using the Reflex VMC vTrust technology. After reviewing the post I realized that some readers might want a more in-depth understanding of how we accomplish this, why it differs from how it was done in the past, and what other options are available for creating these PVLANs. PVLANs have two major classifications: isolated and community. In an isolated PVLAN, outside hosts can communicate directly with a VM, but the VMs that are part of the defined Zone have no intra-zone communication with each other. Community PVLANs, by contrast, allow both intra-zone communication among the VMs and inter-zone communication with outside hosts.

Why would you want to have a community zone?

written by Tommy Speigner

May 11

Virtualized PVLANs

We have a dilemma… A customer wants to create PVLANs (Private Virtual LANs) in their virtual environment. If you aren’t familiar with PVLANs, read what Cisco says they are: “A PVLAN is a VLAN with configuration for Layer 2 isolation from other ports within the same broadcast domain or subnet. You can assign a specific set of ports within a PVLAN and thereby control access among the ports at Layer 2.” With certain Cisco switches you can set up PVLANs to allow or deny the traffic between two hosts in the same subnet.


written by Tommy Speigner