Virtualization Adapted Adapting Business Processes for Virtual Infrastrcuture (and vice-versa)


VMware Security Compliance Tools

Filed under: virtualization — Tags: , , , , , , , , , — iben @ 10:37
This is a short list of Tools and Documents concerning security in a Virtual Infrastructure.
Tools – page 1
Documents – page 2



  • Configuresoft’s Center for Policy and Compliance (CP&C) has led the industry in forming opinion and bringing together published security and compliance information to build a rich library of compliance toolkits that are available for download by Configuresoft customers from These CP&C Compliance Toolkits include:
  • VMware Infrastructure 3 Security Hardening Guidelines and VMware Virtual Center Best Practices
  • FISMA Compliance Toolkit for Virtual Computing
  • GLBA Compliance Toolkit for Virtual Computing
  • HIPAA Compliance Toolkit for Virtual Computing
  • Sarbanes-Oxley (404) Compliance Toolkit for Virtual Computing
  • DISA STIG Compliance Toolkit for Virtual Computing


HyTrust Appliance –

  • The HyTrust™ Appliance offers IT managers and administrators of virtual
    infrastructure a centralized, single point of control and visibility for:
  • configuration management
  • compliance auditing
  • access management
  • best practices
  • process workflow
  • security controls



  • ConfigCheck rapidly assesses the security of ESX 3.0 and 3.5 hypervisors compared to the Virtual Infrastructure 3 Security Hardening Guidelines.
  • ConfigCheck assesses nearly 100 configurations of the ESX server, and most VI professionals who run the test find significant vulnerabilities. ConfigCheck’s remediation report provides detailed, step-by-step guidance to bring your virtual environment into a state that is secure. ConfigCheck helps you:
    • Ensure recommended ESX configurations
    • Discover possible vulnerabilities
    • Deploy virtualization safely and securely
    • Increase security posture of the entire enterprise
    • Reduce configuration drift


  • VMinformer is a security tool designed to check the security posture of your VMware environment. The tool comes with pre-defined policies that can be customized to suit your specific requirements and are based on industry best practices such as ‘VMware’s Security best practice hardening guide’ and the ‘DISA ESX STIG’ hardening guide. The policies also contain rules that have been based on extensive research and industry experience.
  • Features:
  • Connects to your ESX hosts or Virtual Center (v3.0, 3.5 and VC 2.5)
  • Pre-defined policies based on industry best practices (VMware security hardening guide)
  • Policies can be customized for your environment
  • Provides full visibility and monitoring of your ESX hosts and Virtual machines
  • Dashboard – Provides a graphical overview of VM’s and Security Posture
  • Reporting
  • Remediation guidance


Powered by WordPress