Securing VMware vSphere

  • VMware ESXi 6.0
    • Add each VMware ESXi 6.0 host to Microsoft Active Directory (AD).
      • Create an ESX Admins group in Active Directory.
        • Add users or groups to this Active Directory group to allow them to authenticate to the VMware ESXi 6.0 hosts.
      • Verify the time on the VMware ESXi 6.0 host is synchronized with the domain controller (DC).
      • Verify the VMware ESXi 6.0 host is able to resolve the AD domain name.
      • Verify the VMware ESXi 6.0 host is able to locate the domain controllers via DNS.
      • Verify the VMware ESXi 6.0 host is using the same domain suffix as the AD domain for its FQDN.
      • Test authentication to the VMware ESXi 6.0 host.
    • Patch the VMware ESXi 6.0 hosts on a frequent basis.
    • Verify the ESXi Shell is disabled.
    • Verify SSH is disabled.
  • VMware vCenter Server 6.0
    • Add a Microsoft Active Directory domain as an Identity Source in VMware vCenter Server.
    • Clone the Administrator role.
    • Add a Microsoft Active Directory group to the cloned Administrator role at the vCenter Server object to assign permissions (propagate to child items).
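
The ESXi host checks in the list above can be audited read-only with VMware PowerCLI. The script below is an added example, not part of the original checklist; it assumes PowerCLI is installed and a Connect-VIServer session already exists, and the example.local domain name is a placeholder.

```powershell
# Added example: read-only audit of the ESXi items in the checklist.
# Assumptions: VMware PowerCLI is loaded and Connect-VIServer has been run.
# $AdDomain is a placeholder; pass your own AD domain name.
param(
    [string]$AdDomain = 'example.local'
)

Get-VMHost | Sort-Object Name | ForEach-Object {
    $vmhost = $_
    $svc  = Get-VMHostService -VMHost $vmhost
    $tsm  = $svc | Where-Object Key -eq 'TSM'       # ESXi Shell
    $ssh  = $svc | Where-Object Key -eq 'TSM-SSH'   # SSH
    $ntpd = $svc | Where-Object Key -eq 'ntpd'      # NTP daemon
    $auth = Get-VMHostAuthentication -VMHost $vmhost
    $net  = Get-VMHostNetwork -VMHost $vmhost
    $ntp  = @(Get-VMHostNtpServer -VMHost $vmhost)
    # Advanced setting that names the AD group granted host administrator rights
    $grp  = Get-AdvancedSetting -Entity $vmhost `
                -Name 'Config.HostAgent.plugins.hostsvc.esxAdminsGroup'

    [pscustomobject]@{
        Host            = $vmhost.Name
        Build           = $vmhost.Build   # compare against the current patch build
        # "Disabled" means not running now and not started with the host
        ShellDisabled   = (-not $tsm.Running) -and ($tsm.Policy -eq 'off')
        SshDisabled     = (-not $ssh.Running) -and ($ssh.Policy -eq 'off')
        # Proxy for the time check: an NTP source is set and ntpd is running
        NtpConfigured   = ($ntp.Count -gt 0) -and $ntpd.Running
        NtpServers      = $ntp -join ','
        DnsServers      = $net.DnsAddress -join ','
        SuffixMatchesAd = $net.DomainName -eq $AdDomain
        JoinedDomain    = $auth.Domain
        MembershipOk    = "$($auth.DomainMembershipStatus)" -eq 'Ok'
        EsxAdminsGroup  = $grp.Value
    }
} | Format-Table -AutoSize
```

NtpConfigured only shows that a time source is set and the daemon is running; compare NtpServers with the time source the domain controllers use to confirm the clocks actually agree.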