For years now, VMware has traveled down the path of the Virtual Appliance.  It’s nothing new, but the approach has changed thanks to a few very key people within the company.

The Virtual Appliance of the past almost never saw an OS patch, was rarely hardened, and quite frankly scared Federal Admins and IA groups for those reasons.  Truth be told, they all wanted to use them, but getting one approved was just too much of a hurdle.  That is quickly changing, and some of it already has, and you didn’t even know it.

With 5.5 on the horizon you’re going to see a new breed of Virtual Appliance for products such as vCenter Server and vCenter Orchestrator that are all based upon a common OS, common set of services, and a common set of hardening.  No more one-offs, everything is going to a standard.  What does that mean for you?  A great deal from both the administrative and security point of view.

Now, I don’t want to take away from Mike Foley.  He has written a great set of articles to get you started.  Take a look at the series below for a peek at what’s out there now, and what’s to come.  Wait, hold on though, don’t click them just yet.  I want to add a little whipped cream to the pie.

blogs.vmware.com – Mike Foley
Virtual Appliances getting more secure with vSphere 5.5 – Part 1
Virtual Appliances getting more secure with vSphere 5.5 – Part 2
Virtual Appliances getting more secure with vSphere 5.5 – Part 3
Virtual Appliances getting more secure with vSphere 5.5 – Part 4

We’ve got a lot of bite, but where’s the bark to go along with it?  Well, it’s in the documentation.  In the very near future you will see a VMware Virtual Appliance STIG.  This document, which is complete but currently under final review by DISA FSO, will cover the hardened appliance baseline.  Combine the controls baked into the baseline with the published documentation from DISA and you’re ready to tackle that pesky IA group and take their lunch money.

Oh, did I mention DIACAP checklists already filled out to distribute with the product as well?  Betcha didn’t see that coming.  I can’t make this stuff up, it’s awesome!

One thought on “A New Breed of VMware Virtual Appliance – Coming to a Federal Data Center Near You”

  1. That’s great news. Look forward to it. I just found your blog after going through the STIG in my lab. Wish I had gotten to your website earlier, but it is still helpful. Do you have some automation scripts posted, or a way to duplicate at least some config across multiple hosts or in an air-gap environment? I believe you posted in other comments that you are working on some automation scripts.

    We recently bought vCenter Ops; wondering if checklists, etc. will be integrated in the compliance component. DISA vSphere 5 Compliance toolkit, which recently came out, will that help for remediation or is it just for checks? I still have to install vCOPS and test with VCM.
