Assigning vSphere security access controls

Security is critical in a vSphere environment. Virtual machine (VM) architecture, access methods and management is much different from that for physical servers. Because VMs are encapsulated into a single file that resides on a shared data store, additional attack vectors need to be secured. Further, any change or operation in a virtual environment can have a ripple effect on other residing VMs because all share common infrastructure components. Consequently, having proper security access controls in place is paramount to protect hosts and their VMs.

Because they have multiple components, virtual environments are secured in layers. You can do much of the work to secure an environment through vCenter Server, which provides centralized authentication and authorization services at many different levels inside vSphere. VCenter Server features four main components:

  • Privileges. A privilege enables or denies users access to perform actions in vSphere.
  • Roles. A role is a set of privileges that can be assigned to a user or group.
  • Users and groups. Users and groups are used in permissions to assign roles from Active Directory (AD) or local Windows users/groups.
  • Permissions. A permission is assigned to an object in vSphere and is composed of users/groups and a role.

Read the full article at…

Share This: