vsphere compliance checker - prevent spying

In relation to the vSphere compliance checker, the check around preventing other users from spying on admin consoles. Can you give a management friendly overview on who and how a user could spy on the consoles (which “consoles” are they referring to), and how this configuration prevents this. What is the risk if a user can see the admin console, what does this give them? If a hacker wants to spy on such consoles, what position must they be in to spy?
LVL 3
pma111Asked:
Who is Participating?
 
Andrew Hancock (VMware vExpert / EE MVE^2)Connect With a Mentor VMware and Virtualization ConsultantCommented:
When you use the vSphere Client to connect to the ESX/ESXi server, there is an option to Open a Console to a Virtual Server, so you can see the console screen, MULTIPLE consoles can be opened.

This is what is meany by spying!

It's a bit like a Multiple Shadow session, or LogMeIn, Teamviewer, WebEx, etc
0
 
pma111Author Commented:
So you''d need access to vcenter anyway, and youd be spying on another admin?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Correct.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
pma111Author Commented:
Sorry but whats the definition of console? And by spying on a console, what kind of information could they gather? If they are only admins allowed to access vcenter, is it really much of an issue if they spy on each other, as theyll likely have access to everything anyway!
0
 
pma111Author Commented:
It sounds like its similar to me spying on my collegue reading a confidential word document, when I could just open the word document myself. Why the need to spy?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
If they do not have access to the vSphere Client, they cannot spy. If you prevent access to the vSphere Client, the majority of your risks, are mitigated. So the less Administrators that have access to vSphere Client the better.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Console, is the Remote Connection to the Server, you can view the contents, just like if you are sitting in front of a screen, and someone looks over your shoulder, they can read and see what you are doing.
0
 
pma111Author Commented:
Have you concerns around your admins spying on one another? Is that why you implement this configuration?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
With all Administrators in IT, there must be an element of trust.

also when using Open Console Feature, it states if another console has been opened, but you do not know who.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.