Why patching your vSphere infrastructure is just not enough

In recent discussions on why one should use a compliance and security scanner for vSphere, I more than once heard a straight opinion: Why should we pay for another tool? We have VUM already and just keep our vSphere cluster(s) up to date.

This opinion neglects several crucial facts about vSphere, as about any other software: not every bug is patched right away once it is found. Sometimes known vulnerabilities linger for months until they are patched. In addition, some of the problems simply cannot be solved by the software provider, VMware in this case.

Let me use two examples to point that out.

VCSA HA – What is it good for?

Once upon a time Edwin Starr (and later Bruce Springsteen) raised that question – ... well, kind of. 😉

With the increasing popularity of virtual desktop infrastructures (VDI) the role of the virtual center has become much more important. In the beginning of virtualization vCenter was a tool to configure and control your ESX hosts and virtual machines. If it went down for maintenance or failure it wasn’t a serious problem. Your server-VMs still kept running.

VDI turned out to be a game changer. If your vCenter goes offline, users can no longer log into their desktops. This makes vCenter maintenance a tricky task. It can’t be done during business hours, and even late at night or on weekends there are remote users who want to log into their virtual desktops. Or think about employees working in different time zones. In some companies the sun never sets on vCenter.

Runecast-Analyzer 1.5 – Hands-on

VMware regularly publishes new articles in the VMware Knowledge Base. In addition, there are hardening guides and best-practice guides whose content is updated and revised again and again. It is easy to lose track of which ESXi hosts are still in line with the guides or the KB articles. A host may have been compliant at the time of installation, but many things may have changed since then.

Enter Runecast-Analyzer

This is where Runecast-Analyzer can be a valuable tool. It automatically analyzes vCenter and ESXi servers and compares the installation against current KB articles, hardening guides and best-practice guides.

Installation is fairly simple. The Runecast appliance is deployed in the cluster and connected to vCenter. So much for the configuration. Since version 1.5, multiple vCenters can also be connected to the Runecast appliance.

The analysis does not take place in the cloud but in your own datacenter, so no confidential data is passed on to third parties.