Control Your Physical and Virtual IT Infrastructure with VMware vCenter Configuration Manager
George Gerchow, Chief Cloud Executive ITIL, CISSP, CCNA, MCPS, SCP, VMware
• Cloud Computing and Virtualization Ride • VMware Solutions for Private Cloud (ITaaS)
Key Business Drivers
• What is VMware vCenter Configuration Manager
Change Management and Compliance Simulated Demo
• Competitive Differentiators
IT Management is Changing in the Cloud Era
• • • •
Management and Security
Infrastructure Renters (IaaS)
987 (15%) Data Security $3.001 (8%)
U.Security and Compliance Market Overview
$30B Worldwide in 2009 Market Size($M) in 2009 Segments We Address
Anti-Virus Network Security $9.9%
Application $713 Security (8%)
Source: FORRESTER.136 (8%) Security Operations $2.8B on GRC activities in 2010.565(20%)
Change Mgmt $4.001 $3. companies will spend $29.096 (7%) Endpoint Security $3.258 (19%) Identity Mgmt $3. 2009
Endpoint Security Antivirus Network Security
Market Growth Rate
Market Identity Management Change & Compliance Others Size in 2012
.S. up 3.
Integrien: Real-time performance analytics solution analyzes and correlates data across the monitored IT infrastructure Service Manager: Federated CMDB. self-service portal
Turn IT performance data into actionable information
Deliver self-service with control
. scale your infrastructure without adding staff.Next Gen IT Management – VMware
Get a fast & accurate datacenter view Optimize capacity for virtual infrastructure Avoid configuration drift & maintain compliance
Application Discovery Manager: Simple application dependency views. automated processes & workflow. agentless & non-intrusive
VMware CapacityIQ: Eliminate waste by identifying any unused or over-allocated capacity vCenter Configuration Manager: Manage change.
VCM Business Benefits – Summary
Compliance and Remediation to Lower Risk
Manage and Control Virtualization
Change Management to Mitigate Outages
Harden Environment to Reduce Threats and Breaches
Provisioning & Patching inline with Compliance to Eliminate Vulnerabilities
“Operational Efficiency & Tool Consolidation”
to positively affect people. VCM has the ability to “Right-Click Fix” or auto remediate non-compliance or mis-configurations.vCenter Configuration Manager (VCM) Solution Overview
DISCOVERY & CHANGE Discover hundreds of Physical. OS and Application parameters to build a repository and of Configuration Information for thousands of OS instances and progressively track point in time configuration change. Quickly analyze on every instance against known patches and compliance factors to understand your risk position.
. process and technology.
Lastly. Data Warehousing and Business Intelligence solutions are used to analyze historical results. including file integrity monitoring`. with present conditions. Verify the remediation and optimization schedules are producing positive outcomes for the organization.
Asset classification allows the analysis and reporting to quickly understand where the most value can be achieved in the shortest amount of time – Decision Support. Virtual. leveraging Key Performance Indicators and Balanced Business Scorecards.
Enterprise System Reporting on the optimization and security posture of all systems within the enterprise.
Controlled • Updates and fixes • Infrastructure changes • Component patches
Type: Unplanned. Uncontrolled • User Changes • Unapproved Admin Change • Exploits • Shadow IT Origin: End Users. Suppliers
Type: Planned.Understanding Progressive Change
SOX & HIPAA
DISA & PCI
CIS & PCI
Virtualization HardeningvCenter VMware vSphere + Guidelines
Build Gold Standards
Cluster B Cluster A
.VMware Approach to Security and Compliance
Harden and secure the components Policies built from out-of-thebox compliance templates • Harden the hypervisor configs
FISMA & PCI CIS
• Harden the hypervisor guest
Virtual Datacenter 1
Virtual Datacenter 2
• Harden the Guest OS
Physical and Virtual
Desktop and Servers Win. UNIX. network. etc.
g.Save Time with Automated Patching and Provisioning
Common provisioning platform for both physical and virtual environments
Software Provisioning (Windows) • Create software packages • Push packages to systems & guests • Tied to compliance • Push software to systems out of compliance
(e. Windows and Linux) • Install ESX to Bare Metal • Install OS in a VM Container in ESX/ESXi • Install OS to Bare Metal
Patching to Mitigate Vulnerabilities • Pull down patch bulletins for the OS vendors • Assess the infrastructure for vulnerabilities • Remediate .Push patches out to the guests
and systems that need them
Provision Standard Images (vSphere.
Red Hat Enterprise Linux Server 2.0. 10.3.1
Mac OS X
10. 9. Itanium.6. Vista Business. Ultimate. 4.1 HTTP • VMware vCenter 4
Web Interface Admin Client
Physical 64-Bit Processor Support
DMZ • For Windows: Xeon64.3. 4. 4. Enterprise • Windows 7 Business. 2003 R2. 5. 6. 5.5 (PPC and Intel)
(vCM Remote) DCOM/HTTP
AIX 4. 4. 2008 R2 • XP Professional • Vista: Business. 5. 5 SUSE Linux Enterprise Server 9.0. 3.4. 5. 11.3 11.vCenter Configuration Manager Architecture
VMware Virtual Guests
(Windows. and AMD64 • For Linux: Xeon64 and AMD64 • For UNIX: Sun Sparcv9. Intel64 and AMD64
64-Bit Windows Support
• 2003.2. 8.0u1.0. 10
• ESX 2.2008.5. Itanium (HP-UX). 3. 10. 10. Enterprise
vCM Architecture and Coverage
. 2008. UNIX. 3. Ultimate.2.0 3. 2008 R2.0u2. Red Hat Enterprise Linux Workstation 3.1 HP-UX 11i V 1.5 • VMware vSphere 4. 2.1. Ultimate & Enterprise.3. XP Professional X86.1. & Linux)
2000.5 DCOM/HTTP • VMware ESXi 3. 10.0 Solaris 2. 2003.
Understand Compliance Directly Inside vCenter
Analyze overall compliance trends across the enterprise Drill into specific VCM tab in compliance and vCenter gives configuration you easy access details for host to compliance summary data
Guest Identify specific system configuration compliance and patch violations at a details glance
Select systems and patches to deploy
Centrally control patching process
Monitor and plan patching from a single location
.Manage Patching Across the Enterprise with VCM
Report on patch-level status across the enterprise (Unix.
Compliance Analysis and Remediation with VCM
View available compliance templates
Pinpoint what systems failed what checks Report on overall compliance posture
Select PCI compliance analysis results Triage vital Fix compliance issues to violations address for critical systems
or was not executed Change Reconciliation
Capturing out of Band Change
Improving and measuring the process
CMDB CI updates
Service Catalogue Security & Compliance
.Integrating into VMware Service Manager
Need an RFC before making a Change
.Emergency Change Capability
Auto Creating an RFC then having it go through the CM process Verifying the Change was.
Selected all Machines Out of Band!
Trail of Guilt….
Turn on Service Desk Integration
Let’s Get the Party Started
Typical Pebkac Scenerio
ID10T calls Service Desk. roll that sucka back
. cannot access Server
Reporting is not enough.
load app and back up files from tape • ETA 6+ hours
.Un-Planned Change Real World Example
7:30am Exchange Server “Blue Screen of Death” • Called by Exec VP of Operations
Mission Critical Application
• No CM record found within Service Desk
Recovery Plan Established at 8:30am • Rebuild OS.
uninstalled drive • Exchange Server restored in 5 minutes Provided Factual Report to Senior Management • Established credibility. saved time & $$$$$
.Un-Planned Change Real World Example – Continued
What about the Technical Controls Change Log? (8:35am) • Found a new network driver was installed • Safe Mode login.
Visibility & Accountability
Security and the Impact of Change
Dependencies of Change
Virtualization & Cloud Management – Competitive Differentiators
• Compliance Content. Service Catalog • Product Integrations
. Automation • Virtualization Enablement • Closed Loop Change Management
• Agentless Discovery of Application Dependencies
• ITSM Process. CMDB.
. please visit www.
For more webcast information.Thank You
This webcast has been recorded and a link to the on-demand version will be sent to you in a follow-up e-mail along with a PDF copy of the slides.com/go/webcasts Follow us on Twitter at www.twitter.