vmworld 2013: how to identify if your vsphere environment is configured to meet your internal it...
Post on 04-Jul-2015
32 Views
Preview:
DESCRIPTION
TRANSCRIPT
How to Identify if Your vSphere Environment is
Configured to Meet Your Internal IT Standards
Becky Smith, VMware
VCM4981
#VCM4981
2 2
Agenda
Introduction to vCenter Operations Suite
vSphere Configuration and Compliance challenges
in the Cloud
Addressing these challenges with vCenter
Configuration Manager (vCM):
• Integrated Virtual and Cloud Infrastructure
• Automated Operations
3 3
VMware Cloud Management
Multiplatform Hybrid Multi-provider
Broker
of IT Services
VMware simplifies and automates IT management
and empowers IT to govern services
across multiple platforms and providers
CIO
Turn management into manageability through
intelligent, policy-based automation
The VMware
Approach
4 4
VMware Cloud Management – Key Solution Areas
Automate the delivery of infrastructure, applications and
desktops as a service across multiple clouds
and platforms.
Cloud Operations
Manage the health, risk, efficiency and compliance of your infrastructure and
applications.
Cloud Business
Govern and manage cloud services as a critical element of running IT like a
business.
Intelligent operations
Policy-based
automation
Unified management
Financial
transparency
Industry norms
Prescriptive guidance
Automate everywhere
Policy-based control
and governance
Choice and flexibility
5 5
Cloud Operations – vCenter Operations Management Suite
• Prebuilt and configurable operations dashboards
provide real-time insight into infra. behavior
• Self-learning performance analytics and dynamic
thresholds enable early problem detection
• Policy-based config mgmt ensures continuous
compliance
• Capacity management optimizes resource usage
• Application discovery, monitoring and dependency
mapping enable enterprise-wide visibility
Benefits
Overview Right Now Future Focused
vCenter Operations Management Suite
Sources: *Forrester, “The Total Economic Impact of VMware vCenter Operations Management Suite” Dec 2012;
**Management Insights Customer Survey, September 2012
Integrated performance, capacity and
configuration management
• Higher quality of service, fewer incidents and less
downtime of infra and app services
• 67% IT productivity gain from simplified
performance, incident & change mgmt tasks*
• 30% reduction in server CapEx from rightsizing
and reclaiming over-provisioned capacity*
• 60% increase in VMs managed by a single VI
admin**
6 6
Cloud Operations Management Value
36% reduction in application downtime
26% reduction in diagnostics and problem resolution time
40% improvement in VMware capacity utilization
37% improvement in consolidation ratios
30% increase in hardware savings
60% increase in administrator productivity
50% total IT cost savings in combination with vSphere
Source: Management Insights Customer Survey, September 2012
7 7
vCenter Operations Management Suite
Integrated Management Disciplines
VMware’s Approach to Cloud Operations Management
Automated Operations Management for Cloud Infrastructure
Cloud Operations Console
Performance
Patented Analytics
Capacity
App visibility Reporting Logs Inventory Automation
Extensibility
Cost APIs
SDKs
3rd Party
adapters
Content
Packs
Compliance Config
8 8
Customer Configuration and Compliance Concerns
We have fully embraced vSphere but ensuring compliance with internal best practices consumes massive amounts of my teams time.
We lack visibility into our cloud and the increased velocity of change has made our change management process extremely challenging.
9 9
Cross-cloud Compliance Governance
Govern, automate and enforce compliance in the cloud:
For each cloud: create separate groups, configure compliance templates, collect
data for every managed system and remediate compliance breaches.
Configure separate
compliance templates
for each cloud
Track compliance
results for each cloud
10 10
Integrated Virtual and Cloud
Infrastructure Configuration and
Compliance Management
11 11
Configuration Management – Across Virtual Infrastructure
Configurations for the entire
virtual infrastructure
• Across Multiple vCenters & vCloud
Directors
1,000’s of Settings and
Configurations collected for:
• vCenter
• vSphere Hosts & Guests
• Virtual Network & Storage
• vCloud Director
• vShield
Fix settings across multiple
vCenters & ESX(i) servers at once
12 12
Configuration Management – Simplified Visualization
vSphere Host Summary Dashboard
• Provides overall vSphere Hosts Configuration Summary
State of the
Hosts
Makeup of the
Environment
Host
Compliance
Posture
Drill
in for
Details
VI Admin: “What is the status of my HOSTS in my environment? Is it what I expect?”
13 13
Configuration Management – Simplified Visualization
vSphere Guest Summary Dashboard
• Provides overall VM Configuration/Status Summary across vCenters
Accurate OS
Counts
VM Tool
Status
VM
Compliance
Posture
Drill
in for
Details
VI Admin: “How do I see visibility of at a glance guest configurations to find variants?”
14 14
Create Internal IT Best Practice Standards
vCM Compliance Management • Build compliance rules that meet your internal standards
• Across multiple vCenters and vCDs
VI & vCD Admins: “How can I be made aware of unwanted change? Drive MY Best Practices”
Create simple rules Rule Groups
span your IT
Best Practices
Severity
15 15
Virtual Environment Compliance Posture
Virtual Compliance Dashboard • Assess compliance status across vSphere & vCD environments
• vCenters, Clusters, Hosts, Datastores, VMs, vCD Orgs, vDCs & vApps
Latest
Compliance
Results
VI & vCD Admins + Security Teams: “Is my Virtual Infrastructure compliant?”
View Results
in VI context • Data Centers
• Clusters
• vCD Orgs
• vShield
Security
Groups
16 16
Out of the Box Standards Compliance
Center for Policy and
Compliance
Out of the Box Templates
• Use as is
• Leverage to start your Internal
Standards
• Use in Conjunction with your
Internal Standards
VI & vCD Admins + Security Teams: “How can quickly I meet industry standards and guidelines?”
Compliant VI
vSphere Hardening
Guides vCM Best Practices
DISA ESX
PCI DSS 2.0 for
vSphere/ESX
ISO 27002 - vSphere
Basel III - vSphere
CIS for ESX
FISMA ESX
GLBA ESX
HIPAA ESX
SOX ESX
View Hardening Guidelines
18 18
Let’s Walk Through a Specific Example
19 19
Detect an Unwanted Change in Host Configuration
Quickly understand what has changed
• Date, Machine, Data Type
Uncover unwarranted virtual environment changes
• SyslogDir, SyslogDirUnique, SyslogHost
Incorrect
Syslog
settings
Search for
vSphere Host
20 20
Understand the Scope of Change
Are these misconfigurations prevalent?
• Check settings on ALL hosts in the environment at once
• Use column grouping to understand where problems lie
Incorrect
settings exist
View across
multiple hosts
and vCenters
21 21
Remediate Mis-configuration Across All Hosts
Change incorrect ESX settings from within vCM
• Run on multiple hosts across multiple vCenters at once
Change ESX
Hosts Settings
Change across
multiple hosts
and vCenters
22 22
Verify and Audit the Change
vCM verifies changes were successful
Confirm or track changes by
• User, Date, Machine, Data Type
vCM initiated changes include User information
Users
Tracked
Times
Tracked
Select
Date
23 23
Proactively Guard Against Future Unwanted Changes
Create IT Compliance to drive your IT Internal Standards
Create new
Compliance
Rule Chose Data
Type
1,000s of Data
Points
Build
Compliance
Rule
24 24
Automated Operations
25 25
Compliance Visibility in Operations
Overview
• Roll up Hardening and
Compliance Status into
Risk Score
• Launch vCM in context
to remediate out of
Compliance systems
Benefits
• Enable Operations to
standardize on system
configurations and
quickly know when they
change
Drill into vCM for
details and to fix
violations
Compliance Score
as part of
Operational Risk
26 26
Summary
27 27
A Variety of Personas Can Benefit from VCM
Infrastructure Admins
• Templatize configuration settings for vSphere Hosts and vCenters. Replicate
settings from POC to Production.
• Consolidate configuration and execute large scale change operations across
multiple vCenters and Hosts
• Use compliance to ensure internal and external standards for vSphere
systems
Security Admins
• Define Internal Hardening and Regulatory Compliance (HIPAA, PCI, etc) for
vSphere
• Report on compliance status and recommend remediation for non-compliance
28 28
VCM Supports Private, Public and Hybrid Cloud Models
Benefits
• vSphere change
management and
compliance assurance for
both Consumer and Provider
• Ability to leverage the cloud
for compliant sensitive work
loads
• Ability to manage guests
across Clouds
• Guest compliance
• Patching
• Change management
vSphere
DMZ
HIPAA
Private Cloud Public Cloud
vSphere
Consumer
Provider
VMware
Compliance visibility
across owned
infrastructure and
all guests
Compliance visibility across
owned infrastructure
29 29
vCenter Operations Management Suite
Integrated Management Disciplines
VMware’s Approach to Cloud Operations Management
Automated Operations Management for Cloud Infrastructure
Cloud Operations Console
Performance
Patented Analytics
Capacity
App visibility Reporting Logs Inventory Automation
Extensibility
Cost APIs
SDKs
3rd Party
adapters
Content
Packs
Compliance Config
30 30
Questions
32 32
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1315 vCloud Suite Use Cases - Control & Compliance
Group Discussions:
VCM1002-GD, VCM1004-GD
Cloud Operations with Hicham Mourad or Sam McBride
VCM4981
THANK YOU
How to Identify if Your vSphere Environment is
Configured to Meet Your Internal IT Standards
Becky Smith, VMware
VCM4981
#VCM4981
top related