vSphere Security provides information about securing your vSphere® environment for VMware® vCenter® Server and VMware ESXi.

To help you protect your vSphere environment, this documentation describes available security features and the measures that you can take to safeguard your environment from attack.

Table 1. vSphere Security Highlights

Topics

Content Highlights

Authentication with vCenter Single Sign-On

  • vCenter Single Sign-On functionality and services.

  • Adding and managing identity sources.

  • vCenter Single Sign-On policies.

  • Users and groups.

Permissions and User Management

  • Permissions model (roles, groups, objects).

  • Creating custom roles.

  • Setting permissions.

  • Managing global permissions.

Certificate Management

  • ESXi certificate management.

  • Certificate management for vCenter Server and related services.

    • Certificate management using the UI.

    • Certificate management using the Certificate Manager utility.

    • Using CLI for manual certificate management (includes examples).

Host Security Features

  • Lockdown mode and other security profile features.

  • Host smart card authentication.

  • vSphere Authentication Proxy.

Security Best Practices and Hardening

Best practices and advice from VMware security experts.

  • vCenter Server security.

  • Host security.

  • Virtual machine security.

  • Networking security.

vSphere Privileges

Complete listing of all vSphere privileges supported in this release.

Related Documentation

In addition to this document, VMware publishes a Hardening Guide for each release of vSphere, accessible at http://www.vmware.com/security/hardening-guides.html. The Hardening Guide is a spreadsheet with entries for different potential security issues. It includes items for three different risk profiles. This vSphere Security document does not include information for Risk Profile 1 (the highest-security environment, such as top-secret government).

Intended Audience

This information is for experienced Windows or Linux system administrators who are familiar with virtual machine technology and data center operations.