VMware consultants will use three principal methods to gather environment data necessary to complete the engagement—documentation requests, technical data gathering, discussions with <CUSTOMER NAME>, and administrators/architects for both virtualization and security.
Typical documents requested for this project include, but are not limited to:
- Information security data classification policies/security requirements for in-scope security zones
- Firewall rules and configuration requirements
- Security hardening guidelines and templates for vCenter Servers, networking, hypervisors, and other in-scope VMware products
- Security operational procedures for the virtual environment
We will conduct technical data gathering using custom tools and scripts. In order for the scripts to be run, administrative access may be required. After documentation review and technical data gathering, we will perform an initial review to identify any gaps in the data gathering process. We will attempt to address any gaps and gather additional information with the <CUSTOMER NAME> personnel. These sessions often include, but are not limited to:
- Virtualization administrators
- Virtualization architects
- Active Directory administrators
- Security administrators
- Security architects
- Risk analysts