VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION Guide d'installation Page 15
- Page / 90
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Domain Infrastructure
2
Domain Infrastructure
Securing the domain infrastructure for use with VCM involves configuring the domain controller,
network infrastructure services, network infrastructure systems, certificates, accounts, and personnel.
Using VCM to Manage Infrastructure Zone Systems
After you install VCM, your first course of action should be to manage infrastructure zone systems in
VCM and subject them to assessment. VCM comes with compliance rules for domain controller best
practices, domain controller health, and other settings that are valuable in domain infrastructure zones. In
addition, you can create your own templates and rules.
The rest of this chapter briefly explains the infrastructure zone security hardening steps to pursue, either
manually or, if possible, through compliance rules.
Infrastructure Zone Machine Group
For the settings that you can apply using VCM, having the infrastructure systems in their own, dedicated
machine group provides a way of managing the systems and synchronizing their settings.
For example, you prevent non-VCM administrators from having administrator access to infrastructure
systems by placing all infrastructure systems in the dedicated machine group and configuring the group to
be accessible only to VCM administrators.
Domain Controller
VCM relies on a domain controller in order to perform the following functions:
n
Authenticate VCM users
n
Discover machines to manage
n
Enumerate domain group members
n
Run VCM services under Network Authority accounts
n
Authenticate administrators who control the systems on which VCM and its databases are installed
As the VCM installer and administrator, you identify the domain controller in VCM when you install,
discover domain controllers, add new Network Authority accounts, or add VCM users.
CAUTION Do not authorize VCM accounts to principals authenticated by an untrusted domain
controller, and do not join VCM servers to an untrustworthy domain.
VMware, Inc.
15
- Security Guide 1
- Copyright 2
- Contents 3
- Web Server 31 4
- VCM User Interface System 39 4
- Decommissioning 53 5
- Authentication 57 5
- Supplemental References 81 6
- Index 87 6
- About This Book 7
- VCM Security Guide 10
- VMware, Inc 10
- How Personnel Use VCM 11
- Trust Zones 12
- Introduction to VCM Security 13
- Domain Infrastructure 15
- Domain Accounts 16
- Personnel Considerations 17
- VCM Installation Kits 19
- Server Zone Security 21
- Protection Profiles 22
- Physical Security 22
- Disabling Automatic Login 22
- VCM Collector Server 25
- SQL Server 27
- Direct SQL Server Login 28
- Login Accounts for SQL Server 28
- Web Server 31
- Using HTTPS 32
- Web Server Certificates 32
- VCM Agent Systems and Managed 33
- Machines 33
- VCM Agent 34
- Unauthorized Agents 35
- Local Administrator Account 35
- BIOS Password 35
- Disabling Alternative Startup 35
- Maintenance Mode 35
- Trusted Certificate Store 36
- Enterprise Certificate 36
- Trustworthiness of Data 36
- Individual CollectionResults 37
- VCM User Interface System 39
- Access Control 40
- Cross-site Scripting 41
- Trusted Software 42
- Verifying Certificates 42
- Protection of Repositories 46
- Connecting to Repositories 46
- Closing Unnecessary Ports 50
- OS Provisioning Credentials 50
- Decommissioning 53
- Network Authority Accounts 54
- Erasing Server Disks 54
- Erasing Virtual Machines 54
- Authentication 57
- Using Single or Paired Keys 58
- Certificates 58
- Public Key Infrastructure 58
- Trust Chains 58
- How VCM Uses Certificates 59
- Collector Certificate 61
- Agent Certificates 62
- First Contact 63
- Changes to Agent Certificates 63
- Changing Certificates 64
- Replacing Certificates 65
- Installing the Agent 66
- Installing Using Provisioning 67
- Makecert Options 72
- Option Description 73
- Environment Variables 75
- Supplemental References 81
- Export Considerations 83
- VCM Ports 84
- Port Transport Usage 85
Produits connexes et manuels pour Logiciel VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
(150 pages)© 2020, manymanuals.fr. Tous droits réservés | 2.821 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels