Many companies have very strict rules on who can enter the datacenter, and your VMware infrastructure should not be any different! Sure, there are various levels of access in datacenters; I’ve been in quite a few and I sleep better at night knowing that the necessary precautions are taken to secure these facilities. Jason Boche wrote a great article back in 2009 that describes in detail how the security model works in vCenter and shows some of the pitfalls of providing too much access for what seems to be minimal rights.
What we need to understand is that the virtual infrastructure should be protected in the same manner that we employ in the physical world. If the wrong person got in as an administrator, it could spell disaster for your entire infrastructure/datacenter. The following recommendations may seem too stringent for some folks, but we should not simply give certain access just to “get things done”. VMware vCenter has some really nice predefined templates that you can use to minimize the attack footprint while allowing different levels of administrators the ability to do their job, but always double-check what permissions are granted with them.
Here are a few guidelines you should follow:
- Only give a few people full administrator rights to your environment. Treat this like the Enterprise Admin account of your Active Directory forest (if you run Windows).
- Service accounts and scripted tasks should use an account with the bare minimum they need to carry out their task. Don’t give them admin rights because it’s easy.
- Do not allow SSH access as root, and turn off SSH when it is not needed. vCenter alerts you when SSH is turned on, and that alert should never be suppressed, because enabled SSH widens the attack footprint of your cluster nodes.
- vCenter best practices are to provide access via groups instead of individual user access.
- Be careful in granting access at the root level, since this gives users access across multiple vCenters if you are running in linked mode.
- Perform a monthly or quarterly audit to ensure security, especially if you have more than 2 administrators in your environment.
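
One way to automate the periodic audit from the guidelines above, as an added example that is not from the original article: a Python check over a permissions export that flags individual-user grants, administrator rights at the root level, and service accounts holding admin rights. The CSV columns, the root folder name `Datacenters`, the role name `Admin` and the `svc-` naming convention are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample export. The column layout is an assumption for this
# example, not a documented vCenter format.
SAMPLE_CSV = """Entity,Principal,Role,IsGroup,Propagate
Datacenters,CORP\\vSphere-Admins,Admin,True,True
Datacenters,CORP\\jsmith,Admin,False,True
Prod-Cluster,CORP\\svc-backup,Admin,False,True
Prod-Cluster,CORP\\VM-Operators,VirtualMachinePowerUser,True,True
Dev-Folder,CORP\\adoe,ReadOnly,False,False
"""


def audit_permissions(csv_text, root_entity="Datacenters", admin_role="Admin",
                      service_prefix="svc-"):
    """Return (check, principal, entity) findings for an admin to review.

    root_entity, admin_role and service_prefix are assumed conventions;
    adjust them to match your own environment.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        principal, entity, role = row["Principal"], row["Entity"], row["Role"]
        is_group = row["IsGroup"].strip().lower() == "true"
        propagate = row["Propagate"].strip().lower() == "true"
        account = principal.split("\\")[-1].lower()
        is_service = account.startswith(service_prefix)
        is_admin = role == admin_role

        # Guideline: grant access via groups, not individual users.
        if not is_group and not is_service:
            findings.append(("individual-grant", principal, entity))
        # Guideline: root-level grants reach every linked vCenter.
        if is_admin and entity == root_entity and propagate:
            findings.append(("admin-at-root", principal, entity))
        # Guideline: service accounts get the bare minimum, never admin.
        if is_admin and is_service:
            findings.append(("service-account-admin", principal, entity))
    return findings


if __name__ == "__main__":
    for check, principal, entity in audit_permissions(SAMPLE_CSV):
        print(f"{check:24} {principal:24} {entity}")
```

Every `admin-at-root` finding should map to one of the few named full administrators; anything else is a candidate for removal at the next audit.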
Changes in the authentication mechanism
vSphere 5.1, along with vCenter 5.1, comes with a requirement to run the environment with single sign-on (SSO). The implementation has a few components to it, and I’m sure many of you have already tested this out in the lab or have deployed some parts of it already. The following diagram is a depiction of the authentication process and how your credentials (tokens) are sent to the endpoint.
With the implementation of SSO, VMware is trying to rein in and protect authentication to the core components of the virtual infrastructure, and by doing your part with these access control guidelines, you will ensure a stable and secure virtual datacenter.