VMware® Auditing Quick Reference Guide
What Is a VMware Audit Checklist?
Your VMware® environment needs to be secure in order to protect the confidentiality, integrity and availability of your applications and data. To maintain the required level of security, many companies run regular VMware security assessments. At the core of this process is a list of guidelines on configuration and governance of the virtual infrastructure. Those guidelines can be found in various audit checklists. Some are focused on information specific to a virtualization platform and published by vendors in the form of guides, such as the VMware Security Hardening Guides. Others aim to cover the broadest variety of security issues, and hence stay product and vendor agnostic.
Why Just Following Best Practices Is Not Enough for a Solid Security Strategy
Best practices are another source that can help you ensure the integrity of your VMware installation. Best practices are usually focused on a specific part of the system, for example, VMware® vCenter® server or an individual VMware® ESXi™ host, and they are often a supplement to security checklists. However, simply following those guidelines and recommendations for configuration and management of the virtual infrastructure might not be enough to maintain a high level of security of that infrastructure. In particular, there’s no guarantee that your installation will remain unchanged. Therefore, continuous server audit for changes made to your virtual infrastructure and a method for ensuring that those changes are aligned with the security strategy are crucial components of your risk assessment program.
You can achieve the visibility you need with continuous monitoring of your VMware environment. In this Quick Reference Guide, you’ll learn important tips about change monitoring and event viewing in your VMware, including recommendations on how to:
- View VMware vCenter® events
- View VMware vSphere® events
- Search events using a VMware Power CLI script.