VMware vRealize Operations Manager – Ensure Host Compliance Against vSphere Hardening Guide
On top of the many new features of vRealize Operations Manager, one that I was impressed with is the ability to have vROps compare the configuration of your ESXi and Virtual Machines against the VMware vSphere Hardening Guide. Now, instead of manually checking all of your settings, or relying upon a script to pull information, you can quickly view compliance within the same application you’re already using for performance, risk assessment, and forecasting. Wouldn’t it be nice to see something as simple as this to know if you’re in compliance or not?
If you haven’t looked at vRealize Operations Manager 6 yet, you’ll quickly find out that many of the configurations and settings are policy driven. This gives you the ability to configure different polices and apply them to different groups of objects. This allows you to see all objects within the same view but still have them measured against the required SLAs, limits, etc for individual groups. To enable the vSphere Hardening Guide alerts, you must enable it within an active policy. You can also assign the “built-in” vSphere 5.5 Hardening Guide policy to a group, which is how I’ll demonstrate it below.
1.) Create a custom group to include your VMware ESXi hosts. To see details on how to create a custom group, check out this article. It’s based on vCOps 5.8.3 but still applies.
2.) Assign the vSphere 5.5 Hardening Guide to the newly created group. To do this, navigate to Home > Administration > Policies > Policy Library Tab.
3.) Expand Base Settings and select the vSphere 5.5 Hardening Guide.
4.) Under the Related Items tab in the bottom pane, click the + sign to associate the policy to the group created in Step 1.
5.) Once associated with the group, it should start displaying alerts after a few data collections. Default collection time for objects in vROps is 5 minutes.
6.) Once alerts show up, you can view the ESXi servers that are violating the hardening guide from the Recommendations Tab, the Alerts setion, or by (1) selecting the host and navigating to (2) Analysis > (3) Compliance > (4) Clicking Violated Standard. From here you can view the individual violations and determine what changes should be made, if any.
I should also mention that you can easily download the Hardening Guide by clicking the link in the alert on the Recommendation page shown here: