DefinIT

Can I secure #vROps?

Those of you who use vSphere on a regular basis will already be aware of the hardening guide for ESXi and vSphere, but what about vROps?

If the vROps appliance needs to be hardened, VMware already provides a guide and a tool for the job.

Secure configuration guide – http://pubs.vmware.com/vrealizeoperationsmanager-61/topic/com.vmware.ICbase/PDF/vrealize-operations-manager-61-secure-configuration-guide.pdf

“The documentation for Secure Configuration is intended to serve as a secure baseline for the deployment of vRealize Operations Manager.”

The documentation covers the virtual appliance, Linux deployments and Windows deployments.

Update 6th April 2016 – https://my.vmware.com/web/vmware/details?downloadGroup=VR-HARDENING-200&productId=563

VMware vRealize Hardening Tool 2.0.0
The vRealize Hardening Tool automates the hardening activity by applying appliance-specific configuration changes to a system. For more information about hardening vRealize and on how to use the vRealize Hardening Tool

Generating a secure random password with vRealize Orchestrator (vRO/vCO)

It’s a fairly common requirement when creating a new user to assign a randomly generated password, so during a recent engagement I wrote a little password generator to do that. I wanted to be able to choose whether special characters were used, and the length of the password – typically if the password doesn’t use special characters I would increase the length significantly!

Characters should be randomly picked from:

  • a-z
  • A-Z
  • 0-9
  • (optional) ASCII special characters

(more…)
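The requirement described above, as an added example that is not the author's vRO workflow code: it draws characters with Node.js's CSPRNG-backed `crypto.randomInt` and shows how much longer a password without special characters must be for the same strength. The function names, the exact special-character set and the 128-bit target are assumptions made for this example.

```javascript
// Added example: runs under Node.js; vRO's own scripting engine is not assumed.
const { randomInt } = require('crypto'); // CSPRNG-backed, unbiased integer in [0, n)

const LOWER = 'abcdefghijklmnopqrstuvwxyz';
const UPPER = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
const DIGITS = '0123456789';
// The 32 printable ASCII punctuation characters (assumed meaning of "ASCII special characters").
const SPECIAL = '!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';

function classesFor(useSpecial) {
  return useSpecial ? [LOWER, UPPER, DIGITS, SPECIAL] : [LOWER, UPPER, DIGITS];
}

function pick(set) {
  return set[randomInt(set.length)];
}

function generatePassword(length, useSpecial) {
  const classes = classesFor(useSpecial);
  if (!Number.isInteger(length) || length < classes.length) {
    throw new RangeError('length must be an integer >= ' + classes.length);
  }
  const all = classes.join('');
  const chars = classes.map(pick); // one guaranteed character per enabled class
  while (chars.length < length) chars.push(pick(all));
  // Fisher-Yates shuffle so the guaranteed characters do not sit in fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// Shortest length whose upper-bound entropy, length * log2(alphabet size), reaches `bits`.
function lengthForBits(bits, useSpecial) {
  const alphabet = classesFor(useSpecial).join('').length; // 62 or 94
  return Math.ceil(bits / Math.log2(alphabet));
}

console.log(generatePassword(lengthForBits(128, true), true));
console.log(generatePassword(lengthForBits(128, false), false));
```

`Math.random()` is not a cryptographic source, which is why every draw, including the shuffle, goes through `randomInt`.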

Configuring a Guest wireless network with restricted access to Production VLANs

It’s a fairly common requirement – setting up a guest WiFi network that is secure from the rest of your LAN. You need secure WLAN access for the domain laptops, with full access to the Server and Client VLANs, but you also need a guest WLAN for visitors to the office which only allows internet access. Since the budget is limited, this must all be accomplished via a single access point – for this article, the access point is a Cisco WAP4410N. (more…)