Solved

vpshere device management checks

Posted on 2012-04-13
8
315 Views
Last Modified: 2012-04-13
The vsphere compliance checker checks for some issues around “devices”, specifically:

•      Ensure unauthorised devices are not connected

•      Prevent unauthorised removal connection and modification of devices

1)      For starters, what is the definition of “unauthorised device”, and when they say “connected”, connected to what?

2)      Who could (what permissions would they need) connect an unauthorised device?

3)      What is the overall risk in connecting an unauthorised device?

4)      How does this setting prevent this, and who is it preventing?

5)      When they refer to “removal” or “modification”, can you explain what they mean, and their definition of device?

6)      What is the overall risk in removing or modifying a device? Who could do it? And how does this setting prevent such?
0
Comment
Question by:pma111
  • 5
  • 3
8 Comments
 
LVL 118

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
ID: 37841767
floppy drive, cdrom drive or USB devices to the VM.

then you have the same issues, as a physical computer, letting users copy data to floppy drive, cdrom drive or USB devices, which could result in the stealing of data.
0
 
LVL 118
ID: 37841772
1. floppy drive, cdrom drive or USB devices to the VM.

2. VMware Administrators as defined by vCenter.

3. Stealing Data

4. Remove all devices from the VM

5. Remove or Add a floppy drive, cdrom drive or USB plug and play

6. VMware Administrators
0
 
LVL 3

Author Comment

by:pma111
ID: 37841789
Is there any valid case whereby a VM would need a CD ROM, USB drive etc?
0
 
LVL 118
ID: 37841810
Yes, install software?
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 3

Author Comment

by:pma111
ID: 37841833
So in such cases youd have to lift the policy setting to allow them to do so, and then reapply it after?
0
 
LVL 118
ID: 37841844
if you need to add a cdrom.
0
 
LVL 3

Author Comment

by:pma111
ID: 37841933
Is that the only way they could steal data from within vcenter, i.e. by adding a device like CD ROM?
0
 
LVL 118
ID: 37842154
vCenter allows the addition of devices.

you cannot steal data, other than copy and paste from the console, but you cannot copy and paste files.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
delete phantom  datastores 5 52
ESXI home lab network setup (KISS) 12 124
vmware vcenter install/upgrade issue 6 80
VMWare esxi 5.1 to 6.0 upgrade 15 43
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now