To configure your VMware Cloud Foundation instance for compliance, you must download and license additional VMware and third-party software.

Security and Compliance Configuration for VMware Cloud Foundation uses scripts and commands based on VMware PowerCLI to reconfigure the SDDC. You must prepare a host with supported OS for running Microsoft PowerShell, set-up Microsoft PowerShell, and install the latest version of VMware PowerCLI. The host must have connectivity to the ESXi management network in the management cluster.

Table 1. Additional Software Required for Security and Compliance Configuration for VMware Cloud Foundation

Product Group

Script/Tool

Description

VMware PowerCLI

Supported OS for VMware PowerCLI

Operating system that supports Microsoft PowerShell and VMware PowerCLI. For more information on supported operating systems, see VMware PowerCLI User's Guide.

VMware vSAN

Key Management Server (KMS)

Key Management Servers are developed and released by Security and Cloud vendors for encryption in virtualized environments. You use a Key Management Server to enable the encryption of vSAN storage. For a list of supported Key Management Server , see KMS list. Refer to the Key Management Server vendor documentation for setup and configuration instructions, ensuring that all encryption keys are available across regions to enable decryption in the case of a region failover.

VMware vSAN

Proxy server

vSAN uses an external proxy server to connect to the Internet to download the Hardware Compatibility List.

VMware NSX-T Data Center

SFTP server

Space for NSX-T Manager backups must be available on an SFTP server. The NSX-T Manager instances must have connection to the remote SFTP server.

Table 2. VMware Scripts and Tools Required for Security and Compliance Configuration for VMware Cloud Foundation

Product Group

Script/Tool

Download Location

Description

VMware vSphere, vRealize Operations Manager

VMware PowerCLI

n/a

VMware PowerCLI contains modules of cmdlets based on Microsoft PowerShell for automating vSphere, vSphere Automation SDK, vSphere Update Manager, vRealize Operations Manager, VMware NSX-T Data Center, and others. VMware PowerCLI provides a PowerShell interface to the VMware product APIs.