Courses
Courses Designed For Beginners, Seasoned IT Pros & Everyone In Between
VMware vSphere Security Design
View All CoursesThe goal of this course is to take you beyond basic implementation, configuration, and administration of VMware vSphere and teach you the skills needed to properly secure a vSphere environment. You’ll learn information security and risk management concepts, how virtualization affects security, guidelines and best practices for securing a virtual environment, and securing virtual machines. This course is recommended for those who have existing VMware vSphere knowledge who want to enhance their security knowledge.
Lessons
-
Lesson Clips
- Introduction
- Why vSphere Security is Critical Knowledge
- What You Will Learn in This Course
- Lab Setup
- What We Covered
-
Lesson Clips
- Introduction
- About Jason Nash
- About Lane Leverett
-
Lesson Clips
- Introduction
- The Many Layers of Security in a Virtual Environment
- The Fundamentals: A Security Primer
- AAA Authentication, Authorization, and Accounting
- Standard Terminology
- CIA: Confidentiality, Integrity, and Availability
- The Different Shapes and Sizes of Potential Attackers
- The Steps of an Attempted Attack
- The Process for Developing and Maintaining Good Security
- Security Tools
- What We Covered
-
Lesson Clips
- Introduction
- Is Virtualization Secure?
- Is The Hypervisor a Security Weakness?
- Encapsulation
- Common Worries About virtualization Security
- Types of Security Threats
- Impact of Virtualization of Security
- What is VMware Doing About Security?
- Regular Tasks a Good Admin Should Perform
- What We Covered
-
Lesson Clips
- Introduction
- What Do I Need to Protect What?
- Pairing Assets to Security Technology
- vSphere Authentication
- Who Has Access to Your Environment?
- Creating Local VSphere Users
- VSphere Host Authentication
- Integration with Active Directory
- The VI Firewall
- Integrating Security in with the Hypervisor by Using VMsafe
- Using vShield to Secure Application and Guests
- Keeping Hosts and Guests Updated with Update Manager
- What We Covered
-
Lesson Clips
- Introduction
- Deployment Types for Different Trust Zones
- Partially Collapsed with Separate Physical Trust Zones
- Partially Collapsed with Separate Virtual Trust Zones
- Fully Collapsed Trust Zones
- Top 10 Common Mistakes and Recommendations
- Security Considerations with the Standard vSphere vSwitch
- Security Considerations with the vSphere vdSwitch
- Layering Additional Functionally with the Cisco Nexus 1000v
- Protecting Your Management Communications
- Isolating Management
- What We Covered
-
Lesson Clips
- Introduction
- Security Considerations in Your vNetwork Design
- Configuring the vNetwork for Different Trust Zones
- Implementing VLANs and Network Separation
- Using and Configuring Private VLANs (PVLANS)
- vSwitch Security Configuration
- Using and Configuring the vSphere dvSwitch
- Overview of the Cisco Nexus 1000v Distributed Switch
- Deployment and Configuration of the Cisco Nexus 1000v Distributed Switch
- Configure Physical Ports and VM Port-Groups
- What We Covered
-
Lesson Clips
- Introduction
- An Overview on How SSL Works and Why We Use It
- How VMware Uses SSL
- Example of an SSL Negotiation
- Let’s Talk About Digital Certificates
- Getting Rid of That Annoying SSL Warning when I Log in to vCenter!
- Using Internal Versus Generating “Real” Certificates
- Protect Your Certificates!
- Installing Your Own Certificates
- About the Digital Certificate Files
- How to Replace Existing SSL Certificates
- What We Covered
-
Lesson Clips
- Introduction
- Authentication, Authorization, and Accounting with vCenter
- Best Practices for Deploying and Protecting vCenter
- Hardening the Underlying Operating System
- Don't forget the vSphere Client!
- Monitoring the vCenter Logs
- What We Covered
-
Lesson Clips
- Introduction
- Why is ESXi More Secure Than ESX Classic – or is It?
- The Virtualization Layer, Virtual Network Layer, and Virtual Machine Layer
- What is the Service Console/Management Interface and Why Does It Need to Be Secured?
- What We Covered
-
Lesson Clips
- Introduction
- Common Security for All Protocols
- Fiber Channel: Zoning and LUN Masking
- iSCSI: CHAP and LUN Masking
- NFS (Network File System)
- What We Covered
-
Lesson Clips
- Introduction
- ESX Hardening – User and Group Configuration
- Sudo
- Customize SSH
- Secure ESX Web Proxy
- Configuring Password Policies
- Configure the ESX Firewall
- ESXi Hardening – Enabling ESXi Lockdown Mode
- Tech Support and Remote Tech Support Configuration
- Common Hardening – Isolate the ESX/ESXi and vCenter Management Networks
- Enabling Certificate Checking in vCenter
- Configuring CA Signed Certificates
- Configure SSL Timeouts
- What We Covered
-
Lesson Clips
- Introduction
- Virtual Machine Isolation
- Virtualization Security Enablers
- Virtualization Security Challenges
- Operating System Security Best Practices
- What We Covered
-
Lesson Clips
- Introduction
- Use a Firewall or Access Control Lists
- Use an Antivirus Solution
- Use VMware Update Manager
- Limit Who Has Console Access
- Do Not Use the VMCI if Possible
- Isolate VMotion and/or FT Networks
- Use vCenter Roles
- Use Virtual Machine Log Rotation
- Turn off or Disable Unneeded Services
- Turn on Auditing and/or Logging
- What We Covered
-
Lesson Clips
- Introduction
- How Host Profiles Help Secure ESX/ESXi
- What is Supported with Host Profiles
- What is Not Supported with Host Profiles
- Create, Apply, and Check Compliance with a Host Profile
- What We Covered
-
Lesson Clips
- Introduction
- Using VMware Update Manager (VUM) to Help Secure ESX/ESXi and VMs
- Deployment Options for Update Manager
- What We Covered
-
Lesson Clips
- Introduction
- Monitoring Log Files for Security
- Where vSphere Stores Local Log Files
- Using Syslog for Logging Repository
- How to Monitor and Retain Log Files for Auditing Purposes
- Using vCenter Alarms for Security Monitoring
- Monitoring vSphere Configuration Files
- Aggregating Log Files – A Demo of Splunk
- What We Covered
-
Lesson Clips
- Introduction
- An Overview of the vShield Suite
- Centralized Management of the vShield Suite Using vShield Manager
- Protecting Virtual Machines with vShield Zones
- How vShield Zones Does Traffic Analysis
- Configuring vShield Zones Firewall Policies
- Enhancements Provided by vShield App
- Deploy the vShield Manager
- Deploy Agent VMs
- Moving VMs Between Protected and Unprotected Hosts
- Using vShield Edge to Provide Multi-tenancy Security
- Putting All of the Pieces Together, Deploying the vShield Suite for Maximum Benefit
- What We Covered
-
Lesson Clips
- Introduction
- What is vShield Endpoint?
- An Overview of Trend Micro's Deep Security
- Pros and Cons
- Deployment Steps
- Deploy Endpoint
- Install Deep Security Manager
- Prepare the vSphere Host and Deploy an Agent VM
- Install Drivers on the Guest and Activate the Guest to Be Managed
- Configure Anti-malware and Intrusion Prevention Functionality
- Where/When Would I Use Deep Security?
-
Lesson Clips
- Introduction
- An Overview of Hytrust
- Pros and Cons
- Hytrust Installation Demo
- Where/When Would I Use Hytrust
- What We Covered
-
Lesson Clips
- Introduction
- What is Compliance
- How Do We Do Compliance?
- Why is Compliance Important?
- Tools for Managing Compliance
- About VMware Configuration Manager
- VMware's Compliance Checker for vSphere and PCI Compliance Checker
- Installing and Running Free Compliance Checking Tools
- What We Covered
-
Lesson Clips
- Introduction
- What is Your Next Step?
- We Value Your Opinion
Instructors
David Davis
David has been in the IT industry for over 18 years. He has served as a server/network admin, IT manager, and independent contractor. Today, David is a full-time instructor for TrainSignal.com where he has created over 20 different IT training courses.
Additionally, he has written hundreds of IT articles on the Internet, written for Virtualization Review magazine, served as a judge at VMware product competitions, and spoke on virtualization at conferences in the USA, Canada, and Europe. David's "real-world" experience combined with his diversity of skills (Virtualization, Windows Server, and Cisco Networking) gives you a powerful learning resource that can't be matched.
Other Courses Instructed by David Davis
Jason Nash
Jason Nash has over 15 years of industry experience and is currently the Data Center Solutions Principal at Varrow, a leader in virtualization, storage, and DR located in the southeast. Before Varrow, Jason was a Platform Architect at a large investment bank where he helped to develop the organization's IT strategy. He has published several books on networking, Windows, and Linux. Jason was designated a vExpert by VMware and holds a BS in Networking Technology and a MS in Information Security.
Other Courses Instructed by Jason Nash
Lane Leverett
Lane has worked in the IT industry for over 13 years. He has worked as a Server, Network, and Virtualization engineer in both private and public sector organizations. Lane has spent the last 6 years in a consulting role for 3 different Systems Integrators implementing, designing, and architecting VMware Infrastructure, Cisco and HP networking, and EMC, NetApp, HP, and IBM storage solutions for customers. He currently works for ENS Inc. out of Sacramento, CA as a Senior Systems Engineer where he works primarily with VMware Virtualization, EMC, Cisco, and Microsoft solutions for customers.
Lane has focused on server virtualization, specifically VMware server virtualization, over the past 6 years seeing the amazing benefits of cost savings and new opportunities, flexability, and mobility that virtualization offers companies.
In 2010 Lane was awarded the tile of VCDX 3 #53, one of the few people in the world to hold this title. In 2011 he also attained the upgrade of this certification to VCDX 4, as well as some of the newer Virtual Desktop related certifications: VCA4-DT and VCP4-DT. Lane has a passion for engaging with his customers and extoling and evangelizing the benefits of virtualization. He loves any chance he has to share and impart information with his customers.
