Compliance is all about ensuring objects in your environment meet industrial, governmental, regulatory, or internal standards. For example, you can check compliance against the vSphere 5.5 or 6.0 Security Hardening Guide.
Compliance in vRealize Operations can be achieved with the following mechanisms:
- Alerts: Use alert-based compliance to ensure that objects in your environment are meeting the required standards
- VMware vRealize Configuration Manager (VCM): Use the results of the compliance templates to ensure that objects are in compliance
In vRealize Operations, you can use the alert-based compliance that is provided, or if you also use VMware vRealize® Configuration™ in your environment, you can add the adapter that provides configuration compliance information in place of the alert-based compliance.
In vRealize Operations 6.6, VMware now offers compliance packs for two of the industry's most widely used standards of today:
- Payment Card Industry Data Security Standard (PCI DSS) compliance for vSphere
- Health Insurance Portability and Accountability Act (HIPAA) compliance for vSphere
Both compliance packs provide alerts, policies, and reports to validate the VMware vSphere resources against the PCI (v3.2) and HIPAA hardening guides.
The following resources are being validated using the compliance pack:
- vCenter
- ESXi Host
- Virtual machines (three risk profiles available, with risk profile 1 being the most restrictive)
- Distributed port group
- Distributed virtual switch