VMware and SSL Settings: How to Stay Safe
Proper use of Secure Socket Layer security is a mystery even to many virtual server administrators, but it seems to be mysterious even to the developers who build it into their products-whether they know it or not.
The VMware v3.5.x Configuration Guide states that SSL is not enabled in the virtualization software by default. It claims that the initial contact between components is protected but no further communication.
While my previous blog on the SSL MiTM attack refutes even the first statement, I didn't mention that the data being communicated along with those early packets is mainly credential information, which should be protected. I also didn't go into whether we need to protect the rest.
Before we can answer that question we need to understand how the traffic is transferred and between what points. There are at least two systems involved, if not three. So a quick summary of communication is needed.
The first connection is between the VMware Infrastructure (VIC), Remote CLI (RCLI), or VI SDK client and the Virtual Center Management Server (VCMS).
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
VMware
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
[Disclaimer: I am an
[Disclaimer: I am an employee at VMware but opinions expressed here are my own and do not necessarily reflect those of my employer.]I'm a developer at VMware. Here's my attempt to clarify exactly how we use SSL.
All network communication with the VMware APIs/interfaces in VI3 (ESX 3.0, 3.5, VC 2.0, 2.5 etc. as well as Server 2.0) is SSL encrypted. This includes all SDK and management agent communication with VirtualCenter and the Virtual Infrastructure client, which uses SOAP over HTTPS. It also includes direct communication between a browser and the ESX host, *and* remote display and remote device connections initiated by remote clients.
The only exception to this are management connections initiated from the same machine over the loopback interface, which are allowed to use unencrypted SOAP over HTTP rather than HTTPS.
There should be an expertise
There should be an expertise requires to use and install SSL Certificate.Web Design SEO Services Website Designers
Experience Requires
I think the installing VMware and SSL Settings. You have to require experience. Web Design Web Design Firms Professional Web Design Web Designers Business Proposals Proposal Software RFP Response RFP Software