Configuration and Patch Management
A key requirement of any well-managed IT infrastructure is to maintain continuous visibility and control of the configuration and version level of every component. Many security vulnerabilities can be greatly reduced by ensuring only approved configuration options are selected and that all hardware and software versions are known and approved.
Configuration Management, especially of sophisticated infrastructure such as a VCE Vblock® System, has two main areas of focus.
- Hardware and Software Components. These are the items that when assembled together constitute a Vblock System. Significant variations from the initial factory-delivered deployment can either convert the Vblock System from one model to another or can result in the Vblock System falling outside of the approved (and therefore supported) Release Certification Matrix (RCM). The main purpose of the RCM is to provide a reference of known, approved, and supported Vblock System components.
- Hardware and Software Configuration Settings. Almost every infrastructure component supports multiple configuration options and settings. These are often prone to “drift” from known reference settings after the initial deployment. Management of these configuration options is essential to maintain functionality and security.
Version and Patch Management is equally essential to maintain the supportability, functionality, and security of any IT infrastructure. The specific version of every hardware, firmware, driver, and other software component must be known and controlled. Poorly managed changes from the initial versions supported by the RCM will also affect the support status of the Vblock System, as well as potentially affecting functionality and security. The assorted forms of software, in particular, often require rapid updates as new features are added and vulnerabilities remediated. There are potentially a very large number of instances of software-based components, such as drivers, virtualized server hosts, and associated workloads (servers, desktops, applications, etc.); therefore, a management solution with the ability to scale is highly desirable.
VCE offers several features and facilities that, when combined with the partner ecosystem of products, offer a highly robust solution set to address this critical need. Native features to help address these areas include:
- VCE Hardening of Vblock Systems establishes a solid baseline for the application of site-specific security objectives. The VCE hardening is of particular relevance during the period when the Vblock System leaves VCE control and before the customer security team implements a full set of security controls.
- Release Certification Matrix (RCM) supports operational hygiene by removing risks to schedule, operations, and security. The result is a consistent, well-tested platform for mission-critical workloads rather than an ongoing lab experiment.
- VCE Vision™ Intelligent Operations enables and simplifies converged operations by dynamically providing a high level of intelligence to your existing management toolset. The newest generation of the software also enables IT to easily update non-compliant software or firmware and quickly scan for and report on configuration security issues in need of remediation. VCE has created integrations with VMware vCenter and VMware vCenter Operations Manager, and partners have created integrations with a range of enterprise IT management platforms.
- VMware® vCenter Server™ provides a centralized platform for managing VMware vSphere® environments, enabling automation and delivery of a virtual infrastructure with confidence.
VCE™ Select Program includes products from investor companies: EMC, RSA, VMware and Cisco. Products here include:
- VMware® vCenter™ Configuration Manager™, a member of the Advanced and Enterprise editions of the VMware vCenter Operations Management Suite, automates configuration and compliance management across virtual, physical, and cloud environments, assessing them for operational and security compliance.
- VMware® vCenter™ Operations Management Suite™ automates operations management using patented analytics and an integrated approach to performance, capacity, and configuration management.