Download VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION User`s guide
Transcript
Getting Started with VCM Customize VCM for your Environment Customization of your environment is essential to fine-tune the visibility of configuration information so that the policies you develop and the actions you take are appropriate for your IT infrastructure. Create a machine group structure that matches the organization of the machines in your environment. With these machine groups, you can manage specific machines in your environment such as all SQL Servers in a particular location. You can apply specific changes or create roles and rules for those machines independently from other machines in your environment. This approach ensures that you can restrict access to critical machines to the appropriate users with rights to VCM. You can customize the following options for your environment. n Alerts: Define the objects and types of changes that you are alerted to when they are detected in VCM. For example, you can set an alert to notify you if a registry setting changes in your environment. n Collection Filters and Filter Sets: Use collection filters to specify the data to collect from the VCM managed machines. A default collection filter is provided for each data type. You can add custom collection filters that are specific to your enterprise. You can apply filters during instant collections and scheduled collections if the filters are included in a filter set. After you create collection filters, organize them into filter sets. You can create specific filter sets or filter set groups for different machine groups. You can apply filter sets during instant collections or scheduled collections. n Compliance Templates and Rule Groups: Use compliance templates and rule groups to define specific settings and verify whether or not the machines match those criteria. VCM provides prepackaged templates and rules to check the compliance of your machines with regulatory, industry, and vendor standards. VMware provides additional compliance packages that you can import into VCM. n Reports: Create and print tailored reports of information that does not appear in VCM. VCM provides prepackaged reports that you can run after you collect data from your VCM managed machines. n Roles and Rules: VCM roles and access rules work together to control user access to VCM. For example, you can create a role that allows a user to view all data, but not make changes to the environment. You can create a role to run certain reports or a role that allows unlimited access to a single machine group. Refer to the online Help about User Manager for more information. The VCM Change Restricted role limits users from making certain changes in your environment. See "Understanding User Access" on page 71. For more information, see the online help. For information to import additional compliance packages into VCM, see Import/Export and Content Wizard. For questions about VCM, contact VMware Technical Support. How to Set Up and Use VCM Auditing The VCM Auditing capability tracks all changes in the security aspects of VCM. Security-related events are written to the Windows Event Log, which is stored on the Collector, and is independent of the VCM application. The format of the event log prohibits any modifications to the recorded entries, which makes it a secure and tamper-proof auditing record of changes in security. When you perform an action in VCM that affects security, and the auditing setting that corresponds to that change is enabled, the event is written to the event log. Examples of VCM actions that cause events to be written to the event log include user log on and log off, session timeouts, changes in managing users, changes to passwords and administration settings, changes in network accounts and authority, collection requests, and service and registry changes. VMware, Inc. 139