How to Identify if Your vSphere Environment is

Configured to Meet Your Internal IT Standards

Becky Smith, VMware

VCM4981

#VCM4981

2 2

Agenda

Introduction to vCenter Operations Suite

vSphere Configuration and Compliance challenges

in the Cloud

Addressing these challenges with vCenter

Configuration Manager (vCM):

• Integrated Virtual and Cloud Infrastructure

• Automated Operations

3 3

VMware Cloud Management

Multiplatform Hybrid Multi-provider

Broker

of IT Services

VMware simplifies and automates IT management

and empowers IT to govern services

across multiple platforms and providers

CIO

Turn management into manageability through

intelligent, policy-based automation

The VMware

Approach

4 4

VMware Cloud Management – Key Solution Areas

Automate the delivery of infrastructure, applications and

desktops as a service across multiple clouds

and platforms.

Cloud Operations

Manage the health, risk, efficiency and compliance of your infrastructure and

applications.

Cloud Business

Govern and manage cloud services as a critical element of running IT like a

business.

Intelligent operations

Policy-based

automation

Unified management

Financial

transparency

Industry norms

Prescriptive guidance

Automate everywhere

Policy-based control

and governance

Choice and flexibility

5 5

Cloud Operations – vCenter Operations Management Suite

• Prebuilt and configurable operations dashboards

provide real-time insight into infra. behavior

• Self-learning performance analytics and dynamic

thresholds enable early problem detection

• Policy-based config mgmt ensures continuous

compliance

• Capacity management optimizes resource usage

• Application discovery, monitoring and dependency

mapping enable enterprise-wide visibility

Benefits

Overview Right Now Future Focused

vCenter Operations Management Suite

Sources: *Forrester, “The Total Economic Impact of VMware vCenter Operations Management Suite” Dec 2012;

**Management Insights Customer Survey, September 2012

Integrated performance, capacity and

configuration management

• Higher quality of service, fewer incidents and less

downtime of infra and app services

• 67% IT productivity gain from simplified

performance, incident & change mgmt tasks*

• 30% reduction in server CapEx from rightsizing

and reclaiming over-provisioned capacity*

• 60% increase in VMs managed by a single VI

admin**

6 6

Cloud Operations Management Value

36% reduction in application downtime

26% reduction in diagnostics and problem resolution time

40% improvement in VMware capacity utilization

37% improvement in consolidation ratios

30% increase in hardware savings

60% increase in administrator productivity

50% total IT cost savings in combination with vSphere

Source: Management Insights Customer Survey, September 2012

7 7

vCenter Operations Management Suite

Integrated Management Disciplines

VMware’s Approach to Cloud Operations Management

Automated Operations Management for Cloud Infrastructure

Cloud Operations Console

Performance

Patented Analytics

Capacity

App visibility Reporting Logs Inventory Automation

Extensibility

Cost APIs

SDKs

3rd Party

adapters

Content

Packs

Compliance Config

8 8

Customer Configuration and Compliance Concerns

We have fully embraced vSphere but ensuring compliance with internal best practices consumes massive amounts of my teams time.

We lack visibility into our cloud and the increased velocity of change has made our change management process extremely challenging.

9 9

Cross-cloud Compliance Governance

Govern, automate and enforce compliance in the cloud:

For each cloud: create separate groups, configure compliance templates, collect

data for every managed system and remediate compliance breaches.

Configure separate

compliance templates

for each cloud

Track compliance

results for each cloud

10 10

Integrated Virtual and Cloud

Infrastructure Configuration and

Compliance Management

11 11

Configuration Management – Across Virtual Infrastructure

Configurations for the entire

virtual infrastructure

• Across Multiple vCenters & vCloud

Directors

1,000’s of Settings and

Configurations collected for:

• vCenter

• vSphere Hosts & Guests

• Virtual Network & Storage

• vCloud Director

• vShield

Fix settings across multiple

vCenters & ESX(i) servers at once

12 12

Configuration Management – Simplified Visualization

vSphere Host Summary Dashboard

• Provides overall vSphere Hosts Configuration Summary

State of the

Hosts

Makeup of the

Environment

Host

Compliance

Posture

Drill

in for

Details

VI Admin: “What is the status of my HOSTS in my environment? Is it what I expect?”

13 13

Configuration Management – Simplified Visualization

vSphere Guest Summary Dashboard

• Provides overall VM Configuration/Status Summary across vCenters

Accurate OS

Counts

VM Tool

Status

VM

Compliance

Posture

Drill

in for

Details

VI Admin: “How do I see visibility of at a glance guest configurations to find variants?”

14 14

Create Internal IT Best Practice Standards

vCM Compliance Management • Build compliance rules that meet your internal standards

• Across multiple vCenters and vCDs

VI & vCD Admins: “How can I be made aware of unwanted change? Drive MY Best Practices”

Create simple rules Rule Groups

span your IT

Best Practices

Severity

15 15

Virtual Environment Compliance Posture

Virtual Compliance Dashboard • Assess compliance status across vSphere & vCD environments

• vCenters, Clusters, Hosts, Datastores, VMs, vCD Orgs, vDCs & vApps

Latest

Compliance

Results

VI & vCD Admins + Security Teams: “Is my Virtual Infrastructure compliant?”

View Results

in VI context • Data Centers

• Clusters

• vCD Orgs

• vShield

Security

Groups

16 16

Out of the Box Standards Compliance

Center for Policy and

Compliance

Out of the Box Templates

• Use as is

• Leverage to start your Internal

Standards

• Use in Conjunction with your

Internal Standards

VI & vCD Admins + Security Teams: “How can quickly I meet industry standards and guidelines?”

Compliant VI

vSphere Hardening

Guides vCM Best Practices

DISA ESX

PCI DSS 2.0 for

vSphere/ESX

ISO 27002 - vSphere

Basel III - vSphere

CIS for ESX

FISMA ESX

GLBA ESX

HIPAA ESX

SOX ESX

View Hardening Guidelines

18 18

Let’s Walk Through a Specific Example

19 19

Detect an Unwanted Change in Host Configuration

Quickly understand what has changed

• Date, Machine, Data Type

Uncover unwarranted virtual environment changes

• SyslogDir, SyslogDirUnique, SyslogHost

Incorrect

Syslog

settings

Search for

vSphere Host

20 20

Understand the Scope of Change

Are these misconfigurations prevalent?

• Check settings on ALL hosts in the environment at once

• Use column grouping to understand where problems lie

Incorrect

settings exist

View across

multiple hosts

and vCenters

21 21

Remediate Mis-configuration Across All Hosts

Change incorrect ESX settings from within vCM

• Run on multiple hosts across multiple vCenters at once

Change ESX

Hosts Settings

Change across

multiple hosts

and vCenters

22 22

Verify and Audit the Change

vCM verifies changes were successful

Confirm or track changes by

• User, Date, Machine, Data Type

vCM initiated changes include User information

Users

Tracked

Times

Tracked

Select

Date

23 23

Proactively Guard Against Future Unwanted Changes

Create IT Compliance to drive your IT Internal Standards

Create new

Compliance

Rule Chose Data

Type

1,000s of Data

Points

Build

Compliance

Rule

24 24

Automated Operations

25 25

Compliance Visibility in Operations

Overview

• Roll up Hardening and

Compliance Status into

Risk Score

• Launch vCM in context

to remediate out of

Compliance systems

Benefits

• Enable Operations to

standardize on system

configurations and

quickly know when they

change

Drill into vCM for

details and to fix

violations

Compliance Score

as part of

Operational Risk

26 26

Summary

27 27

A Variety of Personas Can Benefit from VCM

Infrastructure Admins

• Templatize configuration settings for vSphere Hosts and vCenters. Replicate

settings from POC to Production.

• Consolidate configuration and execute large scale change operations across

multiple vCenters and Hosts

• Use compliance to ensure internal and external standards for vSphere

systems

Security Admins

• Define Internal Hardening and Regulatory Compliance (HIPAA, PCI, etc) for

vSphere

• Report on compliance status and recommend remediation for non-compliance

28 28

VCM Supports Private, Public and Hybrid Cloud Models

Benefits

• vSphere change

management and

compliance assurance for

both Consumer and Provider

• Ability to leverage the cloud

for compliant sensitive work

loads

• Ability to manage guests

across Clouds

• Guest compliance

• Patching

• Change management

vSphere

DMZ

HIPAA

Private Cloud Public Cloud

vSphere

Consumer

Provider

VMware

Compliance visibility

across owned

infrastructure and

all guests

Compliance visibility across

owned infrastructure

29 29

vCenter Operations Management Suite

Integrated Management Disciplines

VMware’s Approach to Cloud Operations Management

Automated Operations Management for Cloud Infrastructure

Cloud Operations Console

Performance

Patented Analytics

Capacity

App visibility Reporting Logs Inventory Automation

Extensibility

Cost APIs

SDKs

3rd Party

adapters

Content

Packs

Compliance Config

30 30

Questions

32 32

Other VMware Activities Related to This Session

HOL:

HOL-SDC-1315 vCloud Suite Use Cases - Control & Compliance

Group Discussions:

VCM1002-GD, VCM1004-GD

Cloud Operations with Hicham Mourad or Sam McBride

VCM4981

THANK YOU

How to Identify if Your vSphere Environment is

Configured to Meet Your Internal IT Standards

Becky Smith, VMware

VCM4981

#VCM4981