Setting up a vSphere infrastructure to host cloud environments is not just as simple as making sure the right hosts are running the right virtual machines. You’ll probably also want to conduct compliance testing to make sure that your environment is compliant with current security regulations that apply to your organization. In this article, you’ll read how VMware can help.
VMware offers free compliance testing tools that focus on two areas. There is a
Using the tools is easy, just download and install them on a Windows workstation. Next, enter up to five machine names or IP addresses you want to check and then click Assess Compliance. The checker will then perform compliance testing and show which rules have matched and which have not.
The PCI DSS 2.0 standard gives an overview of security recommendations for the platform you’re using. Some tools and services on specific platforms are known to be unsafe and these are all listed in the PCI DSS 2.0 standard. Examples include the rsh and finger services on the Linux platform, which can allow outside parties to more easily access your system and request sensitive data. You can get a complete list of the items that these tools check for from the help section in the Compliance Checker application. Once completed, the compliance checker gives an overview of all potential security problems, which allows the administrator to easily identify and fix issues.
The list of items the compliance testing checks is a result of the research conducted by the VMware Compliance Center . This center gives an overview of the research that VMware is performing to make sure that its products can maintain security in a virtual environment. In your search to optimize security and compliance, it is a good idea to look at the white papers listed on the Resources tab in the Compliance Center.
VMware believes that implementing regulatory compliance should be easier in a virtualized environment, and you can see this in some of its products. VCenter Configuration Manager makes it easier to implement the same policies on all virtual machines, which often is much harder to do on separate physical servers.
However, maintaining regulatory compliance requires diligence beyond what automated tools can do for you. It is also important to use good administrative policies and lay out protocols to describe how certain tasks need to be approached in a virtualized environment. In the VMware Compliance Center you can find all current information sources that help you in asking the right questions.
This was first published in June 2012