VMware vSphere™ and Virtual Infrastructure Security: Securing the Virtual Environment
There are so many similarities between VMware vSphere and Virtual Infrastructure from a security perspective that we decided to change the title of the book. The book already covered VMsafe and other APIs, Distributed Virtual Switches, as well as other aspects of vSphere security. It seemed logical to change the title to reflect this.
June 2009 by Pearson Education
More Info about the Author
Tim Pierson, who contributed the chapter on penetration testing.
Tom Howarth, who contributed the chapter on Virtual Desktop Environments.
Links to Articles/Interviews about Book
- Simon Seagraves of Techhead VMworld Interview
- Hany Michael aka HyperVizor Must Have Virtualization Books
- David Davis New Book- VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
- Eric Sloof VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment
- MSI::State of Security Book Review: VMware vSphere and Virtual Infrastructure Security
- vDestination vDestination’s Top 5 VMware Books List
Lockdown by Source IP (page 356)
In Step 4 of the Hardening script, instead of creating a secondary firewall script when using VMware vSphere, you can use the following style of esxcfg-firewall commands to let VMware vSphere manage the rules.
esxcfg-firewall --ipruleAdd 0.0.0.0/0,22,tcp,REJECT,"Block_SSH"
esxcfg-firewall --ipruleAdd AdminIP,22,tcp,ACCEPT,"Allow_Admin_IP_SSH"
In addition to a single IP address, a rule can take a subnet, as the block-all rule shows. The order of the rules above is very important, so review the resulting rule set to verify that it does what you intend. See the VMware Communities post "How to configure service console firewall to only allow access from certain IPs?"
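The rule pair above extended to several admin sources, as an added example that is not from the book or from VMware: a script that validates each source and prints the commands in the same order the page shows, without running them. The rule names Allow_Admin_<n>_SSH and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (not run) esxcfg-firewall rules for SSH lockdown by source IP.
# Rule names Allow_Admin_<n>_SSH and the sample addresses are constructed.

# valid_source ADDR: true for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ssh_lockdown_rules SOURCE...: block-all rule first, then one ACCEPT per source,
# which is the order the page shows.
ssh_lockdown_rules() {
    if [ $# -eq 0 ]; then
        echo "refusing: block rule without an admin source locks out SSH" >&2
        return 1
    fi
    for src in "$@"; do
        if ! valid_source "$src"; then
            echo "refusing: '$src' is not an IPv4 address or subnet" >&2
            return 1
        fi
        case $src in */0|*/00)
            echo "refusing: '$src' would accept SSH from every source" >&2
            return 1 ;;
        esac
    done
    echo 'esxcfg-firewall --ipruleAdd 0.0.0.0/0,22,tcp,REJECT,"Block_SSH"'
    n=1
    for src in "$@"; do
        echo "esxcfg-firewall --ipruleAdd $src,22,tcp,ACCEPT,\"Allow_Admin_${n}_SSH\""
        n=$((n + 1))
    done
}

# Constructed sample: one admin host and one admin subnet.
ssh_lockdown_rules 192.0.2.10 198.51.100.0/24
```

Review the printed lines before running them on the host, and keep a console session open while the rules are applied.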