vSphere Security provides information about securing your vSphere® environment for VMware® vCenter® Server and VMware ESXi.
To help you protect your vSphere environment, this documentation describes available security features and the measures that you can take to safeguard your environment from attack.
|Permissions and User Management||
|Host Security Features||
|Virtual Machine Encryption||
|Guest OS Security||
|Managing TLS Protocol Configuration||Changing TLS protocol configuration using a command-line utility.|
|Security Best Practices and Hardening||Best practices and advice from VMware security experts.|
|vSphere Privileges||Complete listing of all vSphere privileges supported in this release.|
A companion document, Platform Services Controller Administration, explains how you can use the Platform Services Controller services, for example, to manage authentication with vCenter Single Sign-On and to manage certificates in your vSphere environment.
In addition to these documents, VMware publishes the vSphere Security Configuration Guide (formerly known as the Hardening Guide) for each release of vSphere, accessible at http://www.vmware.com/security/hardening-guides.html. The vSphere Security Configuration Guide contains guidelines on security settings that can or should be set by the customer, and security settings delivered by VMware that should be audited by the customer to ensure that they are still set to default.
This information is for experienced Windows or Linux system administrators who are familiar with virtual machine technology and data center operations.
vSphere Client and vSphere Web Client
Instructions in this guide reflect the vSphere Client (an HTML5-based GUI). You can also use the instructions to perform the tasks by using the vSphere Web Client (a Flex-based GUI).
Tasks for which the workflow differs significantly between the vSphere Client and the vSphere Web Client have duplicate procedures that provide steps for the respective client interface. Procedures that relate to the vSphere Web Client contain vSphere Web Client in the title.
VMware publishes a public list of VMware products that have completed Common Criteria certifications. To check if a particular VMware product version has been certified, see the Common Criteria Evaluation and Validation webpage at https://www.vmware.com/security/certifications/common-criteria.html.
Support for Federal Information Processing Standard 140-2
Starting with version 6.7, vCenter Server supports the Federal Information Processing Standard (FIPS) 140-2.
FIPS 140-2 is a U.S. and Canadian government standard that specifies security requirements for cryptographic modules. By default, FIPS 140-2 is always enabled after installation or upgrade of vCenter Server 6.7 or later and ESXi 6.7 or later.
To learn more about support for FIPS 140-2 in VMware products, see https://www.vmware.com/security/certifications/fips.html.