The VMware vSphere Hardening Guide alerts notify you when settings or properties on your vCenter Server instances, hosts, virtual machines, distributed port groups, and distributed switches are not configured in compliance with the guide. To have vRealize Operations Manager assess your objects against the compliance alerts, you must override the policy state so that the setting named Local is enabled for each alert.

About this task

The alert-based compliance works after you enable the VMware vSphere Hardening Guide alerts. The VMware vSphere Hardening Guide checks the collected data to determine whether the settings are configured correctly so that your objects operate in a secure manner.

Prerequisites

Verify that your instance of vRealize Operations Manager includes the Default Policy and one or more other policies. See Default Policy in vRealize Operations Manager.

Procedure

  1. In the menu, click Administration.
  2. Click Policies and click the Policy Library tab.
  3. Expand Base Settings, click the policy to customize it, and click the pencil to edit the selected policy.
  4. In the Edit Monitoring Policy workspace, click Alert / Symptom Definitions.
  5. Select Alert Definitions pane to display and examine the compliance alerts and enter hardening in the text box.
    Table 1. Compliance Alerts

    Compliance Alerts

    Support for vSphere Hardening Guide Version

    ESXi host is violating vSphere Hardening Guide

    5.5 and 6.0

    vCenter Server is violating vSphere Hardening Guide

    6.0

    Virtual machine is violating Risk Profile 1 in vSphere Hardening Guide

    5.5 and 6.0

    Virtual machine is violating Risk Profile 2 in vSphere Hardening Guide

    5.5 and 6.0

    Virtual machine is violating Risk Profile 3 in vSphere Hardening Guide

    5.5 and 6.0

    vSphere Distributed Port Group is violating vSphere Hardening Guide

    6.0

    vSphere Distributed Virtual Switch is violating vSphere Hardening Guide

    6.0

  6. For each compliance alert, click the State drop-down menu and click Local.
  7. To save your updates to the policy, click Save.

Results

You have enabled the alerts and the associated symptom definitions. When the configured policy is applied to objects, it becomes active. When the configured symptom definitions become true for your vCenter Server instances, hosts, virtual machines, distributed port groups, and distributed switches, vRealize Operations Manager generates the VMware vSphere Hardening Guide alerts.

What to do next

Review the Compliance tab to determine whether your objects are in compliance. For an example, see User Scenario: Ensure Host Objects Comply With Alert-Based Compliance Rules.

You can find the vSphere Hardening Guides at http://www.vmware.com/security/hardening-guides.html.