A couple of months ago I blogged about the draft version of the vSphere Security Hardening Guide. Yesterday VMware published the first official version. Keep in mind that any feedback is still highly appreciated and the document is still subject to change.
This document is the official release of the vSphere 4.0 Security Hardening Guide. This version is based on feedback collected during the public draft comment period. We will still be collecting feedback on this document — if there are any typos, errors, or changes, please add them to the comments below.
Overall, there are more than 100 guidelines, with the following major sections:
- Introduction
- Virtual Machines
- Host (both ESXi and ESX)
- vNetwork
- vCenter
- Console OS (for ESX only)
vSphere Hardening Guide April 2010.pdf (951.0 K) View Download
Edward Marshall says
In the guide it mentions disabling the web access feature.
Im keen to do this but i have heard some of the web components are required when running vCenters in linked mode…. Do you know if that’s true?