VMware data security best practices
Securing your IT infrastructure is always an ongoing process. One of the best practices that VMware encourages is to renew the SSL keys used for communication between VMware products. The renewal of SSL keys periodically, helps to improve data security of your systems.
While reading this I was wondering what is the extended value of having SSL communication inside your own network? The answer is pretty simple, most theft of data comes from people who already have access to your network (Alex just gave me a perfect example this day about a Exchange administrator with rights he should not have).
So for administrators the SSL keys can be given to employees who actually need access to the data. The renewal of the SSL keys is a way to give administrators a process to keep the list of people who need access nice and tidy.
In the kb1008166 article VMware describes the best practices for handling SSL keys and how you can renew these.
The article also states that log files, which VMware might ask you about for support, can collect the SSL keys. In a recent security review VMware made, they concluded that these SSL keys aren’t used for support and therefore won’t be logged in newer versions of the logging tools. In the meantime it is recommended that after sending log files you renew the SSL keys.
- Hybrid Cloud Data Encryption with VMware vCloud Air by Edwin Weijdema
- Nakivo Gives Away v5.5 NFR Licenses to VMware Professionals by Sander Martijn
- Downgrade the vRealize Automation license by Erik Scholten
- ThinApp 5.2 released with Windows 10 support by Anne Jan Elsinga
- VMworld 2015: HyTrust Announces CloudControl for VMware NSX by Edwin Weijdema
Sander Martijn is a Technical Professional for Conoscenza in The Netherlands. As a Technical Professional he works for different clients, building, troubleshooting and managing ICT infrastructures. He is a certified VMware VCP-DCV, VCP-DTM, several VSP and VTSP. Since 2015 he has been awarded vExpert status.