Книга: Mastering VMware® Infrastructure3
The Bottom Line
The Bottom Line
Create and apply roles and permissions in VirtualCenter Creating host and virtual machine alarms is a proactive way to be alerted to abnormal behavior for all four resource groups or state changes. Alarms can be applied to a single host, a virtual machine, or a group of either object in the VirtualCenter hierarchy.
Master It Company security policy dictates that access to VirtualCenter requires users to only be granted the rights necessary to perform their jobs.
Master It Create ESX Server user accounts.
Create users on the ESX Service Console Restricting which users and hosts can connect to an ESX Server is one of the most important security steps you can implement.
Master It Company security policy dictates that direct access to the Service Console must be restricted.
Master It Configure TCP wrappers to restrict host access to the Service Console.
Enable and disable services on the firewall The Service Console firewall is locked down by default for only those ports needed to provide management for virtualization. There are times when other ports will need to be opened using esxcfg-firewall.
Master It A security inspection requires an audit of the existing Service Console firewall configuration.
Master It Open the firewall for specific services or agents.
Use Kerberos authentication on ESX Server Kerberos authentication allows for Active Directory authentication of local ESX Server user accounts. This simplifies account management and centralizes user account security policies.
Master It Direct authentication to ESX Server hosts should be secured using an existing Active Directory infrastructure.
Audit and monitor important files Changes to Service Console files should be audited and monitored on a regular basis.
Master It A server failure results in a call to VMware support. The technician requests that you send information about your environment for further review.
Manage updates and patches with VMware Update Manager VMware Update Manager provides an integrated and easy-to- use utility for managing ESX Server host and virtual machine updates.
Master It You have just installed ESX 3.5 on seven new Dell Poweredge 2950 servers into a DRS/HA cluster. No virtual machines exist. You need to apply all updates immediately.
Master It Two days ago you added a new Dell Poweredge R900 server named silo3507 .vdc.local to a partially automated DRS/HA cluster. There are six virtual machines running on silo3507. You need to apply critical updates to silo3507.
Master It You have ten virtual machines that serve as domain controllers. You want to install all of the latest Windows updates on all ten virtual machines using VMware Update Manager. The installation of updates should not affect production during business hours of 9:00 AM to 5:00 PM. You want a 24-hour window of opportunity to remove the update.
Оглавление книги
