Securing VMware ESX with Active Directory

VMware ESX is a popular platform for organizations that are migrating from a physical to a virtual computing environment. While vendors like VMware provide administrative tools for managing their virtualization software, security and compliance gaps may still exist for organizations that have not secured access to the underlying operating system on the host machine. This Centrify chalktalk covers best practices for securing VMware ESX host systems by locking down administrative access and controlling administrator privileges. It also describes how the Centrify Suite combined with Microsoft Active Directory can be used to segregate guest systems and delegate administrative duties for the various business owners.

Running Time

21 minutes

Speaker

David McNeely
Director, Product Management

Moderator

Frank Cabri
VP, Marketing

Topics Covered

  • An overview of how authentication works in a VMware environment
  • The various access methods and administrative interfaces that IT managers can use to access a VMware host
  • Security gaps that exist given the variety of access methods, particularly around the VMware host's root account
  • How to lock down a VMware host through centrally controlled Active Directory accounts and shut down root access
  • Segregating groups of guest systems for different business owners and best practices for delegating administrative duties
  • How Centrify's solution adds security protection beyond the native VMware administrative tools
  • Auditing administrative sessions on VMware host systems
  • How Centrify's patent-pending Zone technology provides an easy and secure way to enforce separation of administrative duties for administrators of virtual guests
  • How security changes as servers begin to migrate from a physical to a virtual infrastructure

And when RIM calculated ROI for an internally developed application [to authenticate Red Hat, Solaris and HP systems through Active Directory], systems architect Ian Brown said it became evident that it would be too challenging and expensive. What RIM needed, he decided, was a third-party application that worked out of the box. He said they found it in Mountain View, Calif.-based Centrify Corp.'s DirectControl. "Obviously RIM is a publicly traded company, so when the SOX auditors were looking at the access control to our systems, [we] were already covered with Centrify," Brown said. "Essentially, we could just print off a DirectControl report and say these people had access to this Linux system and when." With DirectControl, Brown could instantaneously produce this login documentation. He could then correlate that information to any maintenance ticket ever generated at RIM. Before DirectControl, Brown estimated his staff of six spent dozens of hours each week on local server administration - work they now complete in seconds.

Jack Loftus
SearchEnterpriseLinux
March 20, 2007