vSphere Security provides information about securing your vSphere® environment for VMware® vCenter® Server and VMware ESXi.

To help you protect your vSphere environment, this documentation describes available security features and the measures that you can take to safeguard your environment from attack.

Table 1. vSphere Security Highlights

Topics, each followed by its Content Highlights:

Permissions and User Management

  • Permissions model (roles, groups, objects).

  • Creating custom roles.

  • Setting permissions.

  • Managing global permissions.

Host Security Features

  • Lockdown mode and other security profile features.

  • Host smart card authentication.

  • vSphere Authentication Proxy.

Virtual Machine Encryption

  • How does VM encryption work?

  • KMS setup.

  • Encrypting and decrypting VMs.

  • Troubleshooting and best practices.

Managing TLS Protocol Configuration

Changing TLS protocol configuration using a command-line utility.

Security Best Practices and Hardening

Best practices and advice from VMware security experts.

  • vCenter Server security.

  • Host security.

  • Virtual machine security.

  • Networking security.

vSphere Privileges

Complete listing of all vSphere privileges supported in this release.

Related Documentation

A companion document, Platform Services Controller Administration, explains how you can use the Platform Services Controller services, for example, to manage authentication with vCenter Single Sign-On and to manage certificates in your vSphere environment.

In addition to these documents, VMware publishes a Hardening Guide for each release of vSphere, accessible at http://www.vmware.com/security/hardening-guides.html. The Hardening Guide is a spreadsheet with entries for different potential security issues, and it includes items for three different risk profiles. This vSphere Security document does not include information for Risk Profile 1 (the highest-security environments, such as top-secret government).

Intended Audience

This information is for experienced Windows or Linux system administrators who are familiar with virtual machine technology and data center operations.

vSphere Web Client and vSphere Client (HTML 5 Client)

Task instructions in this guide are based on the vSphere Web Client. You can also perform most of the tasks in this guide by using the new vSphere Client. The new vSphere Client user interface terminology, topology, and workflow are closely aligned with the same aspects and elements of the vSphere Web Client user interface. You can apply the vSphere Web Client instructions to the new vSphere Client unless otherwise instructed.

Note: Not all functionality in the vSphere Web Client has been implemented for the vSphere Client in the vSphere 6.5 release. For an up-to-date list of unsupported functionality, see Functionality Updates for the vSphere Client Guide at http://www.vmware.com/info?id=1413.