Part 1 of 3 in the VMware vSphere Security Design series focuses on the essential security concepts in VMware virtualization. The goal of this course is to take you beyond basic implementation, configuration, and administration of VMware vSphere and teach you the skills needed to properly secure a vSphere environment. You’ll learn information security and risk management concepts, how virtualization affects security, guidelines and best practices for securing a virtual environment, and how to secure virtual machines. This course is recommended for those with existing VMware vSphere knowledge who want to enhance their security knowledge.
Getting Started with VMware vSphere Security Design Training
Hello and welcome to TrainSignal. This is Getting Started with VMware vSphere Security Design Training. This vSphere Security Design course is by Jason Nash and Lane Leverett, two VCDXs and experts in vSphere security. My name is David Davis and I'm here to give you a quick introduction to what the course has to offer. In this introductory lesson I'll be covering why vSphere security is critical knowledge in the world of virtualization. From there I'll review what you'll learn in this course before I end this lesson with a type of lab that you could create to reproduce what Jason and Lane will be teaching you about vSphere security. So with that, let's get started.
Security Priorities in a Virtual Environment
Hi. You're watching Security Priorities in a Virtual Environment or vSphere Security in the Real World. We're going to take everything we learned in the last lesson on security fundamentals and primers and really start applying it to a virtual environment so right off the top we're going to look at appeasing your security department, you know is virtualization secure? A common question and I get this a lot, especially as we start looking at virtualizing more secured environments, DMZs, public-facing internet type servers, and so it's a question that I get all the time. And then we're going to look at common worries about virtualization security. There are a lot of myths out there. There's some you know, facts that you need to kind of communicate and put forward, but we'll go through some of those and then we'll take a look at what goes bump in the night, which are different types of security threats as they specifically apply to a virtual environment. And next is the impact of virtualization server consolidation on securing that infrastructure and then you know, what is VMware the company specifically doing about security? You know, products or technologies or processes, you know, what are they doing? And finally regular tasks that a good vSphere admin should do to maintain that solid security and if you remember again, security is not a destination; it's an iterative process so we'll take a look there.
vNetwork Security Architecture
Hi. You're watching vNetwork Security Architecture. In this lesson we're going to dive into virtual networking. We'll start with talking about different types of deployments for trust zones. So a trust zone could be a production network, developer network, secure environment, or more or less an unprotected network like a DMZ and should you replicate your physical deployment in a virtual world? Next is the Top 10 Common Mistakes, a recommendation or things to consider when doing virtual networking. And then we'll go through some of the security considerations when using the standard vSphere vSwitch. This is the normal vSwitch that almost every vSphere admin is very intimately familiar with and we'll take a look at some of the security options it has. Next we'll extend that to the vSphere dvSwitch and then, to continue that train of thought, if you want even more functionality we'll go over what you get with the Cisco Nexus 1000V. Finally, we'll give some best practices for isolating management traffic amongst your vSphere hosts, vCenter, and storage.
Securing vNetwork Configuration
Hi. You're watching Securing vNetwork Configuration. So in this lesson we're going to talk about securing your vNetwork and your vNetwork design. So we'll begin with security considerations in the vNetwork design and kind of show you how physical switches and virtual switches differ, which I know we've discussed a little bit in previous lessons, but we'll start going through some of the specific examples, some of the threats that you need to worry about and some of the options that you can set to kind of counter those threats. Then we'll look at configuring the vNetwork for different trust zone scenarios and if you remember again from a previous lesson where we talked about how to segment traffic, we'll go into more depth on that here in this lesson. We're also going to do some labs and show you specifically how you configure your vSphere host for that traffic segmentation. Next, implementing VLANs and network separation. So we've kind of tossed the VLAN term around, but we're going to specifically look at how you use that for segmentation and what you need to do to configure trunking and VLAN passing and those sorts of configuration options. After that, using and configuring private VLANs. Private VLANs are an extension of VLANs and something that can be very useful when securing environments, but it's something that a lot of people just don't understand. Next, vSwitch security configuration. So we'll take a look at you know configuring the vSwitches for traffic segmentation and the security options there and then we'll do the same with the distributed virtual switch as well as do a lab and kind of show you some of the configuration options and how you deploy that. And finally, overview, deployment, and configuration of the Nexus 1000V from Cisco. This was Cisco's distributed virtual switch offering so we're going to go through and look at you know, the architecture of that, how you deploy it, manage it, and some of the configuration for that switch.
Working with SSL Certificates
Hi, you're watching Working with SSL Certificates. In this lesson, we're going to start talking about Secure Sockets Layer, or SSL, and we'll begin with an overview of how SSL works and why we use it, and then show you how VMware specifically uses it for secure communication. We'll give an example of an SSL negotiation so you can see how that communication is established, and then we'll move into talking about digital certificates; what they are, what do we use them for, and how we generate their certificates. A very common question, something I get a lot, is how do I get rid of that annoying SSL warning when I log into vCenter. So that's a simple question, but it leads into some other discussions. Things like, do we use internal or do we have real certificates generated, and we'll talk about the pros and cons of each and what that means. Next, how do you protect those certificates? So they're just files, and we need to make sure they don't fall into the wrong hands. We'll go through how to install your own certificates, and give you a little bit more detail about those digital certificate files. Finally, we do a lab and give you the steps on how to replace existing SSL certificates that get generated and installed when you install vCenter and vSphere.
Hardening the vCenter Server System
Hi, you're watching Hardening the vCenter Server System. In this lesson, we're going to take a look at the vCenter Server System itself, and remember, vCenter's our central point of management. So we need to pay special attention to this system, and look at what we need to do to secure vCenter, as well as the underlying Windows operating system. So we'll begin with a quick refresher on the three A's for vCenter - authentication, authorization, and accounting; and we've covered these in a previous lesson, but I want to show you how they apply specifically to vCenter. Then we'll go through the best practices for deploying and protecting the vCenter application. As well as the application, we'll look at hardening the underlying operating system. Since vCenter runs on top of Windows, we need to make sure Windows is secure and stable, therefore vCenter can be secure and stable. Next, don't forget the vSphere Client. So it's easy to think about vCenter, and Windows, and all that, but there's also some things to look at when we're actually talking about using the Client. So, we need to look at how we secure that, as well as the server. Finally, we'll talk about monitoring the vCenter log files. So, where they're stored, what they have, and I'll show you a couple of quick examples of those.