Compliance Alerts

Now that we have enabled vSphere configuration compliance, let's check how compliant our vSphere environment is:

  1. Select the vSphere World custom group as you did in the previous example. Navigate to the Analysis tab and select Compliance. As you will notice from the following image, the compliance badge score has dropped to 83% after we activated all the configuration compliance policies:
It may take a few minutes until the Compliance badge score changes, reflecting the newly activated compliance alerts.
  1. If you scroll down, you will see all the objects that violate the Compliance policies. Let's go and select one of the objects that violates compliance and examine what exactly is causing the violation. In this example, I will be selecting one of the ESXi Host Systems:
  1. In the Compliance Breakdown area, you can select to either show all the violated standards or all standards. Upon selecting Violated Standards, you are presented with a list of the standards/policies that this object violates. As you can see in this example, the host system violates the ESXi Host, which is violating the VMware vSphere Hardening Guide policy. Upon selecting the violated policy, you will be presented further down with a list of all Violated Rules (or Symptom Definitions):

In this example, the named ESXi host system is violating the vSphere Hardening Guide. The following are some of the rules that the host system is violating according to the triggered symptoms:

  • ESXi.config-ntp: NTP firewall rule is not configured
  • ESXi.set-shell-interactive-timeout: Timeout is not configured for idle ESXi Shell and SSH sessions
  • ESXi.enable-ad-auth: Local user authentication is not configured with Ldap
  • ESXi.vNetwork.enable-bpdu-filter: BPDU filter on the ESXi host to prevent being locked out of physical switch ports with Portfast, and BPDU Guard not enabled

If you navigate to the Alerts tab and review the recent alerts, you will notice that a compliance alert is being raised. A compliance alert is triggered because a standard is violated. Click on generated compliance alert:

The symptoms that triggered this alert appear as rules violating a particular configuration:

If a symptom is triggered for any of the compliance alerts, the standard is violated and affects the badge score on the Compliance tab.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.217.107.229