As the virtual infrastructure administrator for your company, you must ensure that your vSphere 6.0 objects comply with the compliance rules in the vSphere Hardening Guide. You use the compliance alerts in vRealize Operations Manager to monitor your objects for violations of your compliance standards. When a compliance alert triggers on your vCenter Server instance, hosts, virtual machines, distributed port groups, or distributed switches, you investigate the compliance violation. You must resolve the violation so that the violated object continues to meet industry security standards.

About this task

You manage and monitor the security of your production, test, and development environments. Your objects consist of multiple vCenter Server instances, with hosts, virtual machines, distributed port groups, and distributed switches in each instance.

Your CIO requires that you run SSH on all vCenter Server instances and host machines in your production and test environments. You monitor all hosts to ensure that they comply with the SSH requirement. You produce a compliance report each week to prove to your manager and the compliance team that your objects comply with the implemented security standards.

To enforce and report on the compliance of your vSphere 6.0 objects, you enable the compliance rules in the vSphere Hardening Guide. Then, you enable the appropriate alerts, and apply a risk profile to your virtual machines. After vRealize Operations Manager collects the compliance data from your objects, you resolve any rule violations that occurred, and create a report of the compliance results for your manager and the compliance team.

The alert definitions provided with vRealize Operations Manager are based on object types instead of the specific versions of the hardening guides. To use these alerts, you no longer need to create a custom group and apply the policy to that group.

Some alert definitions are common between vSphere 6.0 and vSphere 5.5 objects. vRealize Operations Manager checks vSphere 6.0 symptoms against 6.0 objects, 5.5 symptoms against 5.5 objects, and a combination of 6.0 and 5.5 symptoms against both versions of the objects.

Prerequisites

Verify that the current version of vRealize Operations Manager is installed and running.

Procedure

  1. In vRealize Operations Manager, enable the compliance rules.
    1. Click Administration, and click Solutions.
    2. Click the VMware vSphere solution, and click Configure.
    3. In the Manage Solution dialog box, click Define Monitoring Goals.
    4. Under Enable vSphere Hardening Guide Alerts, click Yes and click Save.
    5. When vRealize Operations Manager reports that the default policy is configured to collect compliance data on your objects, click OK and click Close.
  2. Enable the compliance alert definitions in the default policy.
    1. Click Policies > Policy Library.
    2. Click the Default Policy, and click Edit Selected Policy.
    3. In the Edit Monitoring Policy workspace on the left, click Alert / Symptom Definitions.
    4. In the filter text box in the Alert Definitions pane, enter hardening.

      Several alert definitions appear, which you use to enforce compliance on your objects. Each alert displays the number of symptoms and the object type to which the alert applies. You can see the alert definitions for risk profiles 1, 2, and 3, which you use to ensure high, medium, or low security on your virtual machines.

    5. Click the alert named vCenter is violating vSphere Hardening Guide.
    6. In the State column, click the down arrow, and select Local.
    7. To enable compliance alerts on your virtual machines, distributed port groups, and distributed switches, enable the other alert definitions, and click Save.
  3. View the symptom set in the alert definition for the ESXi host.
    1. Click Content > Alert Definitions.
    2. In the filter text box, enter hardening.
    3. Click the alert named vCenter is violating vSphere Hardening Guide.
    4. In the lower pane, locate the alert impact, criticality, and symptom set.
    5. Scroll through the symptom set and examine the symptoms that can trigger an alert for the host.
    6. Below the symptom set, examine the recommendation to fix the problem if this alert triggers on your host.
    7. Click the link to the VMware vSphere Hardening Guide.

      The Web page opens to the list of VMware vSphere Security Hardening Guides at http://www.vmware.com/security/hardening-guides.html.

  4. Focus in on the alerts for the host in your production vCenter Server instance.
    1. In the navigation pane, click Home and click the Recommendations tab.

    2. In the pane titled Top Risk Alerts for Descendants, you see that the following alerts triggered.

      | Compliance Alert Triggered | How to Resolve the Alert |
      | --- | --- |
      | Virtual Machine is violating Risk Profile 1 in vSphere Hardening Guide | To resolve the alert on 12 of your virtual machines, click the link to the vSphere Hardening Guide. |
      | ESXi Host is violating vSphere Hardening Guide | To resolve the alert on 6 of your hosts, click the link to the vSphere Hardening Guide. |

    3. Click the link in the compliance alert named ESXi Host is violating vSphere Hardening Guide.
    4. Examine the dialog box named Risk Issues, which displays the hosts that violated the rules in the vSphere Hardening Guide.

    5. For the first host listed, click View Details, and examine the violations on the Summary tab.
    6. Examine the multiple compliance violations on the host, including SSH violations. By looking at the description of the SSH rule violations, you see that the rule applies to both vSphere 6.0 and 5.5 objects.

  5. To determine when the symptom for the SSH services triggered the compliance alert, click the down-arrow next to the violated symptom. Then, use the vSphere Hardening Guide to resolve the alert.
  6. Run a report for your compliance team.
    1. In the navigation pane on the left, click your host object.
    2. Click the Reports tab.
    3. In the filter text box, enter hardening.

      The report named VMware vSphere Hardening Guide - Non-compliance Report appears.

    4. On the Report Templates tab, click Run Template, and wait for vRealize Operations Manager to generate the report.
    5. Click Generated Reports.

      The report appears, and provides PDF and CSV versions for you to download.

    6. In the Download column, click the PDF icon and examine the content in the report.

      The non-compliance report appears for the host, and includes the date and time that you ran the report. It also identifies you as the user who ran the report. The report displays the noncompliant rules that ran on the object and its descendants. In the report, you can see the criticality and status of the alert, the object name, and the type on which the alert triggered.

    7. In the Download column, click the CSV icon, and examine the content of the spreadsheet.

      The spreadsheet provides an easy way to see a summary of the results, and allows you to import the data into another application.
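
Added example, not part of the original VMware documentation: one way to use the CSV download for the weekly compliance report is to compare this week's export with last week's and list new, resolved, and persisting violations. The column names (`Criticality`, `Status`, `Object Name`, `Object Type`, `Alert`), the `Active`/`Canceled` status values, and the sample rows are assumptions modelled on the fields the report is described as showing; adjust them to match the header row of your own export.

```python
import csv
import io
from collections import Counter

HOST_ALERT = "ESXi Host is violating vSphere Hardening Guide"
VM_ALERT = "Virtual Machine is violating Risk Profile 1 in vSphere Hardening Guide"
HEADER = "Criticality,Status,Object Name,Object Type,Alert\n"  # assumed columns

# Constructed sample exports (not real report output).
LAST_WEEK = HEADER + (
    f"Critical,Active,esx-prod-01,Host System,{HOST_ALERT}\n"
    f"Critical,Active,esx-prod-02,Host System,{HOST_ALERT}\n"
    f"Warning,Active,vm-web-01,Virtual Machine,{VM_ALERT}\n"
)
THIS_WEEK = HEADER + (
    f"Critical,Active,esx-prod-01,Host System,{HOST_ALERT}\n"
    f"Critical,Canceled,esx-prod-02,Host System,{HOST_ALERT}\n"
    f"Warning,Active,vm-web-01,Virtual Machine,{VM_ALERT}\n"
    f"Warning,Active,vm-db-03,Virtual Machine,{VM_ALERT}\n"
)

def load(text):
    """Map (object type, object name, alert) -> criticality for active alerts."""
    active = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["Status"].strip().lower() != "active":
            continue  # canceled alerts no longer count as violations
        key = tuple(row[c].strip() for c in ("Object Type", "Object Name", "Alert"))
        active[key] = row["Criticality"].strip()
    return active

def compare(previous_csv, current_csv):
    """Week-over-week difference of active compliance violations."""
    prev, curr = load(previous_csv), load(current_csv)
    return {
        "new": sorted(curr.keys() - prev.keys()),
        "resolved": sorted(prev.keys() - curr.keys()),
        "persisting": sorted(curr.keys() & prev.keys()),
        "by_type": dict(Counter(key[0] for key in curr)),
    }

if __name__ == "__main__":
    summary = compare(LAST_WEEK, THIS_WEEK)
    for section in ("new", "resolved", "persisting"):
        print(section.upper())
        for obj_type, name, alert in summary[section]:
            print(f"  {obj_type}: {name} ({alert})")
    print("Active violations by object type:", summary["by_type"])
```
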

Results

You have ensured that the compliance rules are enforced on the objects in your vCenter Server instances, according to the VMware vSphere Hardening Guide.

What to do next

To examine the compliance alert definitions for your other objects, click Content > Alert Definitions.