Data Center Virtualization Certification: VCP6.5-DCV Exam Guide

Configuring and Administering vSphere 6.x Security

Security has become a critical aspect of every infrastructure, and virtual environments have some advantages over traditional infrastructures.

One of the main pillars of system virtualization is the Virtual Machine (VM) isolation principle, which protects a VM from attacks by other VMs, while also protecting the virtualization host from possible VM attacks. Of course, the isolation properties don't extend to the network layer; other solutions, such as VMware NSX, are required to increase network security.

While isolation protects the host level from the VM level, in some cases, it's also necessary to protect the VM level from the underlying infrastructure; for example, in a public cloud infrastructure, the consumer might have some concerns about how the provider manages the security and privacy of their data.

VMware vSphere 6.5 introduced some important new security features, such as VM encryption, encrypted vMotion, and Secure Boot support for VMs and ESXi.

Practicing what you learn in this chapter will be key to reinforcing your skills and your preparation for the exam. The last part of HOL-1811-01-SDC (vSphere v6.5 - What's New) and the lab HOL-1811-04-SDC (vSphere Security - Getting Started) include the encrypted VM and encrypted vMotion features.

The following topics will be covered in this chapter:

  • Understanding role-based access control in vSphere
  • Tuning and hardening guidelines for vCenter, ESXi, and VMs
  • Working with encryption and secure VMs