Solved

vsphere compliance checker - prevent spying

Posted on 2012-04-13
9
561 Views
Last Modified: 2012-04-13
In relation to the vSphere compliance checker, the check around preventing other users from spying on admin consoles. Can you give a management friendly overview on who and how a user could spy on the consoles (which “consoles” are they referring to), and how this configuration prevents this. What is the risk if a user can see the admin console, what does this give them? If a hacker wants to spy on such consoles, what position must they be in to spy?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 37841757
When you use the vSphere Client to connect to the ESX/ESXi server, there is an option to Open a Console to a Virtual Server, so you can see the console screen, MULTIPLE consoles can be opened.

This is what is meany by spying!

It's a bit like a Multiple Shadow session, or LogMeIn, Teamviewer, WebEx, etc
0
 
LVL 3

Author Comment

by:pma111
ID: 37841763
So you''d need access to vcenter anyway, and youd be spying on another admin?
0
 
LVL 120
ID: 37841773
Correct.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 3

Author Comment

by:pma111
ID: 37841783
Sorry but whats the definition of console? And by spying on a console, what kind of information could they gather? If they are only admins allowed to access vcenter, is it really much of an issue if they spy on each other, as theyll likely have access to everything anyway!
0
 
LVL 3

Author Comment

by:pma111
ID: 37841785
It sounds like its similar to me spying on my collegue reading a confidential word document, when I could just open the word document myself. Why the need to spy?
0
 
LVL 120
ID: 37841807
If they do not have access to the vSphere Client, they cannot spy. If you prevent access to the vSphere Client, the majority of your risks, are mitigated. So the less Administrators that have access to vSphere Client the better.
0
 
LVL 120
ID: 37841809
Console, is the Remote Connection to the Server, you can view the contents, just like if you are sitting in front of a screen, and someone looks over your shoulder, they can read and see what you are doing.
0
 
LVL 3

Author Comment

by:pma111
ID: 37841831
Have you concerns around your admins spying on one another? Is that why you implement this configuration?
0
 
LVL 120
ID: 37841841
With all Administrators in IT, there must be an element of trust.

also when using Open Console Feature, it states if another console has been opened, but you do not know who.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VMware Fail Over 5 88
VCSA 6.5 missing switches after migration 1 46
Setup in new iPhone 7 Virtual PC 11 84
Backup of system state (VMware) 19 98
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
Giving access to ESXi shell console is always an issue for IT departments to other Teams, or Projects. We need to find a way so that teams can use ESXTOP for their POCs, or tests without giving them the access to ESXi host shell console with a root …
Teach the user how to edit .vmx files to add advanced configuration options Open vSphere Web Client: Edit Settings for a VM: Choose VM Options -> Advanced: Add Configuration Parameters:
Teach the user how to use vSphere Update Manager to update the VMware Tools and virtual machine hardware version Open vSphere Client: Review manual processes for updating VMware Tools and virtual hardware versions: Create a new baseline group in vSp…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question