The ability to monitor and manage vSphere environments gets most of the attention from the VMware vRealize Operations (vROps) community, but the platform also has visibility into Configuration and Compliance. The fourth pillar of the Quick Start page gets us started.
Start by clicking the Compliance link.
There are two available tabs: SDDC and VMC SDDC. They represent your private cloud vSphere SDDC and your VMware Cloud SDDC on AWS environments respectively. There are three groups of benchmarks available:
VMware SDDC Benchmarks - security configuration guides for your private cloud VMware SDDC
vSphere Security Configuration Guide (SCG)
vSAN Security Configuration Guide
NSX-T Security Configuration Guide
Click the ENABLE link at the bottom of each tile to enable them. Let's start with the vSphere SCG, the latest SCG for vSphere 7 can be found here: https://core.vmware.com/security-configuration-guide-7
Select the Policies in which you want to enable the SCG and click the ENABLE button. The initial assessment is kicked off, do the same for the vSAN SCG and the NSX-T SCG.
Once initial assessments are complete you'll have something like this.
Each tile will tell you if it's Compliant (green) or Non-Compliant (red), like the vSphere SCG above. Details are also given showing the number of objects that are compliant/non-compliant and Alerts detailing each SCG violation.
The second set of Benchmarks are the Custom Benchmarks.
Click the Add Custom Compliance tile to either create your own custom benchmarks or import existing ones.
The third set of benchmarks are the Regulatory Benchmarks, documentation here: https://docs.vmware.com/en/vRealize-Operations-Manager/7.5/com.vmware.vcom.core.doc/GUID-305500DF-85B5-49BF-9077-A0DBD93AA121.html
PCI Security Standards
CIS Security Standards
DISA Security Standards
FISMA Security Standards
HIPAA Compliance
ISO Security Standards
You first ACTIVATE FROM REPOSITORY by clicking the link at the bottom of each tile, then enable them by clicking the ENABLE link.
Once initial assessments are complete you can click on each tile for more details. Here are the CIS Security Standards details in my environment.
The second part of the Configuration and Compliance pillar focuses on Configuration. Specifically on Configuration of Virtual Machines, ESXi Hosts, Clusters, and Distributed Switches.
Let's start with VMs, click the Virtual Machine link, you'll be taken to the VM Configuration dashboard.
Once a Datacenter is chosen you'll see VM configuration details: limits, reservations, shares, VMware Tools information, CPU, Memory, Disk, and more. This dashboard is a nice summary of VM configurations in your vSphere environment.
Next, click the Host link to explore the ESXi Host Configuration dashboard. You will find things like: hardware models, ESXi versions, BIOS versions, CPU configuration details, NTP, SSH, vMotion, etc.
The third Configuration dashboard is for vSphere Clusters. It summarizes Cluster Configuration details like HA Status, DRS Status, DPM Status, Admission Control, CPU Reservation details, Memory Reservation details, and more.
The fourth and final Configuration dashboard is for Distributed Switches. Click the Distributed Switch link and you'll be taken to the Network Configuration dashboard.
