vpshere device management checks

The vsphere compliance checker checks for some issues around “devices”, specifically:

•      Ensure unauthorised devices are not connected

•      Prevent unauthorised removal connection and modification of devices

1)      For starters, what is the definition of “unauthorised device”, and when they say “connected”, connected to what?

2)      Who could (what permissions would they need) connect an unauthorised device?

3)      What is the overall risk in connecting an unauthorised device?

4)      How does this setting prevent this, and who is it preventing?

5)      When they refer to “removal” or “modification”, can you explain what they mean, and their definition of device?

6)      What is the overall risk in removing or modifying a device? Who could do it? And how does this setting prevent such?
LVL 3
pma111Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
floppy drive, cdrom drive or USB devices to the VM.

then you have the same issues, as a physical computer, letting users copy data to floppy drive, cdrom drive or USB devices, which could result in the stealing of data.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
1. floppy drive, cdrom drive or USB devices to the VM.

2. VMware Administrators as defined by vCenter.

3. Stealing Data

4. Remove all devices from the VM

5. Remove or Add a floppy drive, cdrom drive or USB plug and play

6. VMware Administrators
0
pma111Author Commented:
Is there any valid case whereby a VM would need a CD ROM, USB drive etc?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Yes, install software?
0
pma111Author Commented:
So in such cases youd have to lift the policy setting to allow them to do so, and then reapply it after?
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
if you need to add a cdrom.
0
pma111Author Commented:
Is that the only way they could steal data from within vcenter, i.e. by adding a device like CD ROM?
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
vCenter allows the addition of devices.

you cannot steal data, other than copy and paste from the console, but you cannot copy and paste files.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.