vSphere 8 Security Enhancements

-

Many of our customers have done vulnerability assessment (VA) on vSphere ESXi and often highlighted out the vulerable items such as SHA1 and TLS 1.0, etc. 

Some of it were there but not in used and we could not manually remove them such as SHA1, MD5, etc.

While some of them were to support lower version such as TLS 1.1 and 1.0. 

With vSphere 8, the security enhancement has made uplift to remove unwanted security bundles and as well to support only secured transport connection via TLS 1.2.

On top of that, it also added daemons to now run in their own sandboxes instead of in the hypervisor world needing higher permissions which were unneeded and prone to vulnerability attacks.

What is new for security is a timeout for SSH shell when enabled on ESXi host. So administrators, no longer are to leave the SSH shell connected for infinite time or even worse forgetting to disconnect and logout of the endpoint where they are connected to the ESXi shell.

Lastly, if your hardware used for ESXi 8.0 installation contain TPM 1.2 hardware, you will be notified but it does not prevent you from installating ESXi 8.0 or upgrading to it. TPM 1.2 is no longer supported.

In vSphere 8U2, vCenter Certificate Services which was introduced. Catch the video on how certificate can be renew and replace without a full service or appliance restart.

vCenter Server now not only support traditional Active Directory and LDAP but also with MFA with ADFS which was release in vSphere 7. But vSphere 8, it now also support Azure AD, Okta, Microsoft Entra ID and Ping Federate. Check out the doc.

Check out more of vSphere 8 security from this document. You can read some of the above mentioned in VMware Doc here.

Comments

Post a Comment

Popular posts from this blog

Why VMware or Why Not after Broadcom?

-
The Truth Yes, the news of VMware acquired by Broadcom has come to a realization. We cannot denied the truth since 22nd Nov 2023. Prior the acquisition, if you have made a multi-year purchase before that, you will have whatever you can consume after the acquisition. VMware after the acquisition has release new bundle of all their offerings and end the perpetual licensing offer to the market. The individual products are not make available and cannot be purchase as a standalone. But are offered via two bundle namely; VMware vSphere Foundation (VVF), VMware Cloud Foundation (VCF). Both of which are all subscription licenses. It also ends all sales and renewal of any perpetual licenses. Honestly, VMware has been trying to end its perpetual license and into subscription for the longest time. With the Broadcom acquisition, VMware has been one of the last major player that has moved to subscription license. Customer who are on VMware, has been enjoying the great pricing with no limit of cores
Read more

VMware Certifications Updates

-
Image
New changes are coming your ways for VMware certifications. A blog article just been release. 1. Prices of VCP, VCAP, etc. are all standardize to one single price, USD250. This is definitely beneficial for many especially those who are keen to persue the advanced level exam but having difficult to afford the exam fee which was much higher. 2. A mandatory course is no longer needed as an exam requirement. This will help many professionals who are experienced to get certified without having to go through boring course and spend to drag through the requirement.  Will this then bring down the certification value since course was required to ensure certified professional walk the talk as what they hold in credential? Answer to point 2, for people who are new and managed to pass the exam and get certified by other means, it can be identified easily. As the digital badges will be differentiated whether the exam was passed with a accompanied course or not. So during an interview, it can ident
Read more

VMware by Broadcom, A New Chapter Forward

-
With Broadcom acquisition of VMware completing in 22nd Nov, there have been lots of assumption made by many sources what will become of the business direction. Here are some of the updates that are publicly announced if you have not catch up on the news. To start with, VMware is now known as VMware by Broadcom and all originally VMware software will remain to be branded under VMware. The first announcement 27th November, Carbon Black is  now  an autonomous unit within Broadcom. In my opinion this is good news. I have seen not much integration on Carbon Black ever since acquired by VMware so with that move, it allows Carbon Black to innovate and do what they do best in Cyber security landscape. Next from the acquisition completion, there are many speculation on after the acquisition what will end up of End User Computing? With the  announcement  on 8th December, The End User Computing (EUC) division will be a diverse business. With that understanding, EUC division will operate on their
Read more