Category: vSphere 4.1

vCenter 5.1 U1 Installation: Part 12 (VUM SSL Certificate)

Welcome to the vSphere 5.1 Update 1 VUM SSL certificate replacement procedures. In Part 11 we installed VMware vCenter Update Manager (VUM) 5.1 Update 1. Recently VMware released the vCenter Certificate automation tool, which helps lessen the pain associated with replacing the self-signed certificates with trusted certificates. I recommend you use that...

Automate VMware VMX Security Lockdowns

When building vSphere VM templates best practices would recommend that a number of security lockdowns be incorporated into the template. There are a variety of sources for recommended lockdowns, such as the VMware vSphere 4.1 Hardening Guide. But what if you already have VMs in production that you need to lock down, or...

Free vSphere Compliance Checker

Yippee..a free tool from VMware! This nice little tool runs compliance scans against vSphere hosts and compares the results to the VMware Hardening Guidelines. Almost a year ago I wrote a short blog announcing their hardening guide here. Since then, VMware released a hardening guide for vSphere 4.1, which you...

VMware VUM 4.1 U1 SSL Certificate Replacement

One of the continuing pain points with VMware vSphere is the unnecessarily complicated procedure to install trusted SSL certificates in ESXi, vCenter and VUM. Up until 4.1 Update 1 (released 2/10/11), VMware had no public procedures to update the VUM SSL certificate, over 1.5 years after vSphere 4.0 hit the streets. Plus...

Finally…strong ESX 4.1 root passwords. SHA512 baby!

Historically VMware has not used the strongest hashing algorithms to store root passwords on ESXi or ESX hosts. And to make matters worse, ESX/i 4.1 had a major security hole that was open for over four months, which you can read about here. The short story is that ROOT passwords...