Monday,Tuesday and Wednesday this week I was fortunate enough to attend the VMware vSphere: Manage and Design for Security course. The course is one of the recommended courses for the VCAP: DCA exam so I was looking forward to learning quite a few things and get some of the questions I had built up while doing my preparations for the VCAP: DCA exam.
The course started a little slow on the Monday morning,as to no fault of the lecturer the first two modules were him giving best practices and recommendations and covering a lot of things I had learnt before either in my VCP courses/studies or via real world experience. The course material is very well structured and the extra explanations and examples in the study materials will be great reference documents for my VCAP preparations and for my design one day when I’m hopefully prepared to put my design up for the VCDX certification. The afternoons material was a lot more engaging and started to get into the kinds of things I was hoping the course was going to cover in teaching good design practice and fixing and preventing common problems in todays virtual environments. The day finished off with a few labs helping you visually fix common design errors and problems.
Tuesday we got into protecting the the management environment and Protecting your ESX and ESXi hosts. These were some of the topics I was really interested in especially for learning good design practices for my current job and for my future VCDX design. The biggest take away from this section had to be learning all about how you can use vMA to retrieve and store all your individual ESX hosts log files and how to add and use SSL certificates to secure the login into the Virtual Centre server. I’ve even already started looking at implementing the vMA log retrieval and storage into my own environment I was so impressed with it. Tuesday finished off with some labs learning how to setup vMa to retrieve and store the logs and had a really great lab for someone like me that hasn’t done it before on how to request and add an SSL certificate to your Virtual Centre server.
Wednesday consisted of finishing off learning about how to protect my ESX/ESXi hosts and then covered all the ways to harden my virtual machines and learning about configuration and change management. We were lucky to have a VMware employee in the course with us who had actually written parts of the vSphere Hardening Guide and therefore could give us great tips and additional resources to help learn more about securing our VMware environments. The two things that were the most interesting from what he told us was all about a product by HyTrust which “offers IT managers and administrators of virtual infrastructure a centralized, single point of control and visibility for hypervisor configuration, compliance, and access management” It comes in a virtual appliance and there is a community edition for me to play with in my test environment . Hopefully I can write up a posting on my experiences with the product for anyone interested. The next very informative tip he gave us was all about a document created by Horst Mundt a Technical Account Manager at VMware Germany on the VIOPS.VMware.com site detailing all the alarms and what they do in vCentre 4 and vCentre 4.1. The document is frighteningly thorough. The course finished covering the remaining topics and then we got to finish off our labs which were really good compared to a few courses I have been on as they really did teach you some in-depth skills and tips.
I would highly recommend the course to anyone wanting to strengthen their knowledge on securing their VMware Environment and it really is a great course if you are planning on doing your VCAP: DCA exam as there was loads and loads of pages and resources i marked down for me to study before I sit the exam.