Boost Fertility New Invention Ups Success Rates.pdf
VMworld 2013: How to Identify if Your vSphere Environment is Configured to Meet Your Internal IT Standards
1. How to Identify if Your vSphere Environment is
Configured to Meet Your Internal IT Standards
Becky Smith, VMware
VCM4981
#VCM4981
2. 22
Agenda
Introduction to vCenter Operations Suite
vSphere Configuration and Compliance challenges
in the Cloud
Addressing these challenges with vCenter
Configuration Manager (vCM):
• Integrated Virtual and Cloud Infrastructure
• Automated Operations
3. 33
VMware Cloud Management
Multiplatform Hybrid Multi-provider
Broker
of IT Services
VMware simplifies and automates IT management
and empowers IT to govern services
across multiple platforms and providers
CIO
Turn management into manageability through
intelligent, policy-based automation
The VMware
Approach
4. 44
VMware Cloud Management – Key Solution Areas
Automate the delivery
of infrastructure,
applications and
desktops as a service
across multiple clouds
and platforms.
Cloud
Operations
Manage the health,
risk, efficiency and
compliance of your
infrastructure and
applications.
Cloud
Business
Govern and manage
cloud services as a
critical element of
running IT like a
business.
Intelligent operations
Policy-based
automation
Unified management
Financial
transparency
Industry norms
Prescriptive guidance
Automate everywhere
Policy-based control
and governance
Choice and flexibility
5. 55
Cloud Operations – vCenter Operations Management Suite
• Prebuilt and configurable operations dashboards
provide real-time insight into infra. behavior
• Self-learning performance analytics and dynamic
thresholds enable early problem detection
• Policy-based config mgmt ensures continuous
compliance
• Capacity management optimizes resource usage
• Application discovery, monitoring and dependency
mapping enable enterprise-wide visibility
Benefits
Overview
Right Now Future Focused
vCenter Operations Management Suite
Sources: *Forrester, “The Total Economic Impact of VMware vCenter Operations Management Suite” Dec 2012;
**Management Insights Customer Survey, September 2012
Integrated performance, capacity and
configuration management
• Higher quality of service, fewer incidents and less
downtime of infra and app services
• 67% IT productivity gain from simplified
performance, incident & change mgmt tasks*
• 30% reduction in server CapEx from rightsizing
and reclaiming over-provisioned capacity*
• 60% increase in VMs managed by a single VI
admin**
6. 66
Cloud Operations Management Value
36% reduction in application downtime
26% reduction in diagnostics and problem resolution time
40% improvement in VMware capacity utilization
37% improvement in consolidation ratios
30% increase in hardware savings
60% increase in administrator productivity
50% total IT cost savings in combination with vSphere
Source: Management Insights Customer Survey, September 2012
8. 88
Customer Configuration and Compliance Concerns
We have fully embraced
vSphere but ensuring
compliance with internal
best practices consumes
massive amounts of my
teams time.
We lack visibility into our
cloud and the increased
velocity of change has
made our change
management process
extremely challenging.
9. 99
Cross-cloud Compliance Governance
Govern, automate and enforce compliance in the cloud:
For each cloud: create separate groups, configure compliance templates, collect
data for every managed system and remediate compliance breaches.
Configure separate
compliance templates
for each cloud
Track compliance
results for each cloud
11. 1111
Configuration Management – Across Virtual Infrastructure
Configurations for the entire
virtual infrastructure
• Across Multiple vCenters & vCloud
Directors
1,000’s of Settings and
Configurations collected for:
• vCenter
• vSphere Hosts & Guests
• Virtual Network & Storage
• vCloud Director
• vShield
Fix settings across multiple
vCenters & ESX(i) servers at once
12. 1212
Configuration Management – Simplified Visualization
vSphere Host Summary Dashboard
• Provides overall vSphere Hosts Configuration Summary
State of the
Hosts
Makeup of the
Environment
Host
Compliance
Posture
Drill
in for
Details
VI Admin: “What is the status of my HOSTS in my environment? Is it what I expect?”
13. 1313
Configuration Management – Simplified Visualization
vSphere Guest Summary Dashboard
• Provides overall VM Configuration/Status Summary across vCenters
Accurate OS
Counts
VM Tool
Status
VM
Compliance
Posture
Drill
in for
Details
VI Admin: “How do I see visibility of at a glance guest configurations to find variants?”
14. 1414
Create Internal IT Best Practice Standards
vCM Compliance Management
• Build compliance rules that meet your internal standards
• Across multiple vCenters and vCDs
VI & vCD Admins: “How can I be made aware of unwanted change? Drive MY Best Practices”
Create simple rules Rule Groups
span your IT
Best Practices
Severity
15. 1515
Virtual Environment Compliance Posture
Virtual Compliance Dashboard
• Assess compliance status across vSphere & vCD environments
• vCenters, Clusters, Hosts, Datastores, VMs, vCD Orgs, vDCs & vApps
Latest
Compliance
Results
VI & vCD Admins + Security Teams: “Is my Virtual Infrastructure compliant?”
View Results
in VI context
• Data Centers
• Clusters
• vCD Orgs
• vShield
Security
Groups
16. 1616
Out of the Box Standards Compliance
Center for Policy and
Compliance
Out of the Box Templates
• Use as is
• Leverage to start your Internal
Standards
• Use in Conjunction with your
Internal Standards
VI & vCD Admins + Security Teams: “How can quickly I meet industry standards and guidelines?”
Compliant
VI
vSphere
Hardening
Guides vCM Best
Practices
DISA ESX
PCI DSS 2.0
for
vSphere/ESX
ISO 27002 -
vSphere
Basel III -
vSphere
CIS for ESX
FISMA ESX
GLBA ESX
HIPAA ESX
SOX ESX
View
Hardening
Guidelines
18. 1919
Detect an Unwanted Change in Host Configuration
Quickly understand what has changed
• Date, Machine, Data Type
Uncover unwarranted virtual environment changes
• SyslogDir, SyslogDirUnique, SyslogHost
Incorrect
Syslog
settings
Search for
vSphere Host
19. 2020
Understand the Scope of Change
Are these misconfigurations prevalent?
• Check settings on ALL hosts in the environment at once
• Use column grouping to understand where problems lie
Incorrect
settings exist
View across
multiple hosts
and vCenters
20. 2121
Remediate Mis-configuration Across All Hosts
Change incorrect ESX settings from within vCM
• Run on multiple hosts across multiple vCenters at once
Change ESX
Hosts Settings
Change across
multiple hosts
and vCenters
21. 2222
Verify and Audit the Change
vCM verifies changes were successful
Confirm or track changes by
• User, Date, Machine, Data Type
vCM initiated changes include User information
Users
Tracked
Times
Tracked
Select
Date
22. 2323
Proactively Guard Against Future Unwanted Changes
Create IT Compliance to drive your IT Internal Standards
Create new
Compliance
Rule
Chose Data
Type
1,000s of Data
Points
Build
Compliance
Rule
24. 2525
Compliance Visibility in Operations
Overview
• Roll up Hardening and
Compliance Status into
Risk Score
• Launch vCM in context
to remediate out of
Compliance systems
Benefits
• Enable Operations to
standardize on system
configurations and
quickly know when they
change
Drill into vCM for
details and to fix
violations
Compliance Score
as part of
Operational Risk
26. 2727
A Variety of Personas Can Benefit from VCM
Infrastructure Admins
• Templatize configuration settings for vSphere Hosts and vCenters. Replicate
settings from POC to Production.
• Consolidate configuration and execute large scale change operations across
multiple vCenters and Hosts
• Use compliance to ensure internal and external standards for vSphere
systems
Security Admins
• Define Internal Hardening and Regulatory Compliance (HIPAA, PCI, etc) for
vSphere
• Report on compliance status and recommend remediation for non-compliance
27. 2828
VCM Supports Private, Public and Hybrid Cloud Models
Benefits
• vSphere change
management and
compliance assurance for
both Consumer and Provider
• Ability to leverage the cloud
for compliant sensitive work
loads
• Ability to manage guests
across Clouds
• Guest compliance
• Patching
• Change management
vSphere
DMZ
HIPAA
Private Cloud Public Cloud
vSphere
Consumer
Provider
VMware
Compliance visibility
across owned
infrastructure and
all guests
Compliance visibility across
owned infrastructure
30. 3232
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1315 vCloud Suite Use Cases - Control & Compliance
Group Discussions:
VCM1002-GD, VCM1004-GD
Cloud Operations with Hicham Mourad or Sam McBride