ESXi Hardening : vSwitches Network Policy

Last week I was working with a customer on some security hardening pointers. They were concerned about the vSwitch network policy settings.

I shared the following recommendation with them. Hope this is useful.

In VMware vSphere, vSwitches have two network policy settings called “MAC address changes” and “Forged transmits” that control the behavior of virtual machine (VM) network traffic. “MAC address changes” governs whether the vSwitch keeps delivering inbound frames to a VM after the guest OS changes its effective MAC address away from the one in the VM's configuration; “Forged transmits” governs whether the vSwitch forwards outbound frames whose source MAC address differs from the VM's effective MAC address. Let’s understand the implications of changing these settings from “Accept” to “Reject”:
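To make the check concrete, here is an added shell example (not from the original post) that audits a standard vSwitch's security policy. It parses constructed sample text in the format that `esxcli network vswitch standard policy security get -v <vSwitch>` prints on an ESXi host, flags the two settings when they are still set to Accept (`true`), and prints the `esxcli ... set` command that switches both to Reject; the vSwitch name and the sample values are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a standard vSwitch
# security policy for the two settings discussed above.
# Input is constructed sample text in the format printed by
#   esxcli network vswitch standard policy security get -v <vSwitch>
# so the script runs offline; on a live host replace SAMPLE_POLICY with
# the output of that command.

# Constructed sample (assumption: a vSwitch still at the Accept defaults).
SAMPLE_POLICY='   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true'

# policy_value <label>: reads policy text on stdin, prints the value
# (true/false) of the named field.
policy_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# audit_policy <policy_text>: prints OK when MAC address changes and forged
# transmits are both rejected, otherwise the names of the settings that
# still Accept.
audit_policy() {
    mac=$(printf '%s\n' "$1" | policy_value "Allow MAC Address Change")
    forged=$(printf '%s\n' "$1" | policy_value "Allow Forged Transmits")
    findings=""
    if [ "$mac" = "true" ]; then
        findings="${findings}MAC_CHANGES_ACCEPT "
    fi
    if [ "$forged" = "true" ]; then
        findings="${findings}FORGED_TRANSMITS_ACCEPT "
    fi
    if [ -z "$findings" ]; then
        echo "OK"
    else
        echo "${findings% }"
    fi
}

# remediation_cmd <vSwitch>: the esxcli command that sets both settings to
# Reject (false) on the named vSwitch; run it on the host after review.
remediation_cmd() {
    echo "esxcli network vswitch standard policy security set -v $1 -m false -f false"
}

# Stand-alone run against the constructed sample.
result=$(audit_policy "$SAMPLE_POLICY")
echo "vSwitch0 audit: $result"
if [ "$result" != "OK" ]; then
    remediation_cmd vSwitch0
fi
```

Before flipping either setting to Reject, inventory workloads that legitimately change their MAC address or send frames with a different source MAC (clustering products such as Microsoft NLB in unicast mode, nested hypervisors), because their traffic will be silently dropped once the policy is enforced.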

Continue reading “ESXi Hardening : vSwitches Network Policy”

VMware Event Broker Appliance : VEBA

The VMware Event Broker Appliance (VEBA) Fling lets customers unlock the hidden potential of events in their SDDC to easily create event-driven automation. VEBA supports vCenter Server and VMware Horizon events, as well as any valid CloudEvent delivered through the native webhook event provider. Triggering custom or prebuilt actions to build integrations within your datacenter and across public clouds has never been easier. A detailed list of use cases and possibilities with VEBA follows.

Use Cases

Continue reading “VMware Event Broker Appliance : VEBA”

Configuring an external firewall to allow ESX/ESXi and vCenter Server Traffic

Last week I was working with a customer who is planning to put a firewall in front of an ESXi host that is reachable on a public IP.

Their requirement was an exact list of the ports needed for this. We worked through it and enabled the following:

Mandatory Ports:

  • 22 – SSH (TCP)
  • 53 – DNS (TCP and UDP)
  • 80 – HTTP (TCP)
  • 902 – vCenter Server / VMware Infrastructure Client to ESX/ESXi (TCP), and ESX/ESXi heartbeat to vCenter Server (UDP)
  • 903 – Remote access to the VM console (TCP)
  • 443 – HTTPS / web access (TCP)
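As an added example that is not part of the original post, the following shell script turns the list above into iptables rules on the external firewall, restricted to a management network instead of being opened to the whole Internet, and checks the result for any rule that is not source-restricted. The Linux/iptables FORWARD chain, the management CIDR and the host address are assumptions. The rules cover the inbound direction (client to host); the UDP 902 heartbeat, which the host originates toward vCenter Server, also needs a rule in the host-to-vCenter direction.

```shell
#!/bin/sh
# Added example (not from the original post): generate iptables rules for the
# mandatory ports listed above, limited to a management network, and check
# that no rule exposes the host to any source.
# Assumptions: a Linux/iptables external firewall forwarding traffic to the
# host; MGMT_CIDR and ESXI_IP below are placeholders.

# Port specification taken from the list above: port, protocol(s), purpose.
PORT_SPEC='22 tcp SSH
53 tcp,udp DNS
80 tcp HTTP
902 tcp,udp vCenter-and-heartbeat
903 tcp VM-console
443 tcp HTTPS'

# gen_rules <mgmt_cidr> <esxi_ip>: prints one iptables rule per port and
# protocol, source-restricted to the management network.
gen_rules() {
    printf '%s\n' "$PORT_SPEC" | while read -r port protos purpose; do
        for proto in $(printf '%s' "$protos" | tr ',' ' '); do
            echo "iptables -A FORWARD -s $1 -d $2 -p $proto --dport $port -m comment --comment $purpose -j ACCEPT"
        done
    done
}

# count_rules <mgmt_cidr> <esxi_ip>: number of rules gen_rules produces
# (a port with both protocols counts twice).
count_rules() {
    gen_rules "$1" "$2" | wc -l | tr -d ' '
}

# check_rules: reads rules on stdin; returns 1 and names every rule whose
# source is unrestricted (0.0.0.0/0 or no -s at all), which must never be
# committed on a public-facing host. Returns 0 when all rules are scoped.
check_rules() {
    status=0
    while read -r rule; do
        case "$rule" in
            *"-s 0.0.0.0/0 "*) echo "UNRESTRICTED: $rule"; status=1 ;;
            *"-s "*) ;;
            *) echo "NO SOURCE: $rule"; status=1 ;;
        esac
    done
    return $status
}

# Stand-alone run with placeholder addresses.
MGMT_CIDR=198.51.100.0/24
ESXI_IP=203.0.113.10
gen_rules "$MGMT_CIDR" "$ESXI_IP"
if gen_rules "$MGMT_CIDR" "$ESXI_IP" | check_rules; then
    echo "all $(count_rules "$MGMT_CIDR" "$ESXI_IP") rules are source-restricted"
fi
```

Keeping SSH (22) and the vSphere management ports reachable only from the management network is the point of the check: on a host with a public IP, an allow rule with source 0.0.0.0/0 on any of these ports exposes the management plane to the whole Internet.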

Continue reading “Configuring an external firewall to allow ESX/ESXi and vCenter Server Traffic”