2. 22
Agenda
Introduction to vCenter Operations Suite
vSphere Configuration and Compliance challenges
in the Cloud
Addressing these challenges with vCenter
Configuration Manager (vCM):
• Integrated Virtual and Cloud Infrastructure
• Comprehensive Operating System
• Automated Operations
3. 33
VMware Cloud Management
Multiplatform Hybrid Multi-provider
Broker
of IT Services
VMware simplifies and automates IT management
and empowers IT to govern services
across multiple platforms and providers
CIO
Turn management into manageability through
intelligent, policy-based automation
The VMware
Approach
4. 44
VMware Cloud Management – Key Solution Areas
Automate the delivery
of infrastructure,
applications and
desktops as a service
across multiple clouds
and platforms.
Cloud
Operations
Manage the health,
risk, efficiency and
compliance of your
infrastructure and
applications.
Cloud
Business
Govern and manage
cloud services as a
critical element of
running IT like a
business.
Intelligent operations
Policy-based
automation
Unified management
Financial
transparency
Industry norms
Prescriptive guidance
Automate everywhere
Policy-based control
and governance
Choice and flexibility
5. 55
Cloud Operations – vCenter Operations Management Suite
• Prebuilt and configurable operations dashboards
provide real-time insight into infra. behavior
• Self-learning performance analytics and dynamic
thresholds enable early problem detection
• Policy-based config mgmt ensures continuous
compliance
• Capacity management optimizes resource usage
• Application discovery, monitoring and dependency
mapping enable enterprise-wide visibility
Benefits
Overview
Right Now Future Focused
vCenter Operations Management Suite
Sources: *Forrester, “The Total Economic Impact of VMware vCenter Operations Management Suite” Dec 2012;
**Management Insights Customer Survey, September 2012
Integrated performance, capacity and
configuration management
• Higher quality of service, fewer incidents and less
downtime of infra and app services
• 67% IT productivity gain from simplified
performance, incident & change mgmt tasks*
• 30% reduction in server CapEx from rightsizing
and reclaiming over-provisioned capacity*
• 60% increase in VMs managed by a single VI
admin**
6. 66
Cloud Operations Management Value
36% reduction in application downtime
26% reduction in diagnostics and problem resolution time
40% improvement in VMware capacity utilization
37% improvement in consolidation ratios
30% increase in hardware savings
60% increase in administrator productivity
50% total IT cost savings in combination with vSphere
Source: Management Insights Customer Survey, September 2012
8. 88
Customer Configuration and Compliance Concerns
We have fully embraced
cloud but ensuring
compliance with PCI,
HIPAA, and a raft of security
best practices consumes
massive amounts of my
teams time.
We lack visibility into our
cloud and the increased
velocity of change has
made our change
management process
extremely challenging.
Ensuring that all our
systems - including
running VMs, offline VMs
and VM Templates - are all
properly patched is source
of ongoing pain for my
staff.
9. 99
Cross-cloud Compliance Governance
Govern, automate and enforce compliance in the cloud:
For each cloud: create separate groups, configure compliance templates, collect
data for every managed system and remediate compliance breaches.
Configure separate
compliance templates
for each cloud
Track compliance
results for each cloud
11. 1111
Configuration Management – Across Virtual Infrastructure
Configurations for the entire
virtual infrastructure
• Across Multiple vCenters &
vCloud Directors
1,000’s of Settings and
Configurations collected for:
• vCenter
• vSphere Hosts & Guests
• Virtual Network & Storage
• vCloud Director
• vShield
Fix settings across multiple
vCenters & ESX(i) servers
at once
12. 1212
Configuration Management – Simplified Visualization
vSphere Host Summary Dashboard
• Provides overall vSphere Hosts Configuration Summary
State of the
Hosts
Makeup of the
Environment
Host
Compliance
Posture
Drill
in for
Details
VI Admin: “What is the status of my HOSTS in my environment? Is it what I expect?”
13. 1313
Configuration Management – Simplified Visualization
vSphere Guest Summary Dashboard
• Provides overall VM Configuration/Status Summary across vCenters
Accurate OS
Counts
VM Tool
Status
VM
Compliance
Posture
Drill
in for
Details
VI Admin: “How do I see visibility of at a glance guest configurations to find variants?”
14. 1414
Create Internal IT Best Practice Standards
vCM Compliance Management
• Build compliance rules that meet your internal standards
• Across multiple vCenters and vCDs
VI & vCD Admins: “How can I be made aware of unwanted change? Drive MY Best Practices”
Create simple rules Rule Groups
span your IT
Best Practices
Severity
15. 1515
Virtual Environment Compliance Posture
Virtual Compliance Dashboard
• Assess compliance status across vSphere & vCD environments
• vCenters, Clusters, Hosts, Datastores, VMs, vCD Orgs, vDCs & vApps
Latest
Compliance
Results
VI & vCD Admins + Security Teams: “Is my Virtual Infrastructure compliant?”
View Results
in VI context
• Data Centers
• Clusters
• vCD Orgs
• vShield
Security
Groups
16. 1616
Out of the Box Standards Compliance
Center for Policy and
Compliance
Out of the Box Templates
• Use as is
• Leverage to start your Internal
Standards
• Use in Conjunction with your
Internal Standards
VI & vCD Admins + Security Teams: “How can quickly I meet industry standards and guidelines?”
Compliant
VI
vSphere
Hardening
Guides vCM Best
Practices
DISA ESX
PCI DSS 2.0
for
vSphere/ESX
ISO 27002 -
vSphere
Basel III -
vSphere
CIS for ESX
FISMA ESX
GLBA ESX
HIPAA ESX
SOX ESX
View
Hardening
Guidelines
18. 1818
Configuration Management – Across Operating Systems
Configurations for the OS
• Across Virtual and Physical Servers
and Desktops
10,000’s of Settings and
Configurations collected for:
19. 1919
Capture
Changes
AssessReport
Remediate
Continuous Compliance of OS (Virtual and Physical)
Build & deploy compliant VMs from catalog
Assign more policies as needed
• Specific for the role of the VM/app
in the consumer’s business
• PCI, SOX, HIPAA, ISO, etc.
Continuous automated compliance
• Internal configuration standards
• Industry: PCI DSS, NERC/FERC
• Regulatory: SOX, HIPAA, GLBA,
FISMA, DISA, ISO
• Vendor hardening guides
Ongoing patch management
guards against known attacks
• Assess (Win, Linux, MAC, UNIX)
• Deploy
Dashboards provide “At-a-Glance” posture
HIPAA
20. 2020
Compliance Analysis and Remediation with vCM
View available
compliance
templates
Select PCI
compliance
analysis
results
Pinpoint what
systems failed
what checks
Fix
compliance
violations
21. 2121
Manage OS Patching Across the Enterprise
Monitor and plan
patching from a
single location
Report on patch-level
status across the
enterprise
Select systems
and patches to
deploy
22. 2222
Out of the Box Standards Compliance
Center for Policy and
Compliance
Out of the Box Templates
• Use as is
• Leverage to start your Internal
Standards
• Use in Conjunction with your
Internal Standards
Configuration Snapshots
and Comparisons
• Save configuration of a “gold”
system for comparison of
similar systems
Sys Admins + Security Teams: “How can quickly I meet industry standards and guidelines?”
Compliant
OS
Vendor
Security
Guides
DISA Win,
Linux &
UNIX
PCI DSS -
Win, Linux
& UNIX
ISO
27001-2 -
Win, Linux
& UNIX
Basel III -
Win, Linux
& UNIX
CIS -
Win, Linux
& UNIX
CobIT –
Win, Linux
& UNIX
FISMA -
Win, Linux
& UNIX
GLBA -
Win, Linux
& UNIX
HIPAA -
Win, Linux
& UNIX
NERC
CIP - Win,
Linux &
UNIX
SOX -
Win, Linux
& UNIX
BSI –
Win, Linux
& UNIX
FFIEC –
Win, Linux
& UNIX
24. 2424
Performance Troubleshooting with Correlated Change Events
Overview
• Integration of vCenter
Configuration Manager and
vCenter Operations Manager
• Correlate in-guest change
events with performance and
health
• Launch vCM in context to
remediate configuration
changes
Benefits
• Enable Operations to quickly
understand and remediate
performance issues arising
from configuration changes
Correlate
changes with
health scores Drill down and
remediate in
VCM
25. 2525
Compliance Visibility in Operations
Overview
• Roll up Hardening and
Compliance Status into
Risk Score
• Launch vCM in context
to remediate out of
Compliance systems
Benefits
• Enable Operations to
standardize on system
configurations and
quickly know when they
change
Drill into vCM for
details and to fix
violations
Compliance Score
as part of
Operational Risk
26. 2626
vCenter Orchestrator Workflows to Automate Complex Operations
Overview
• Integration of vCenter
Configuration Manager and
vCenter Orchestrator
• Call vCM APIs to manage
VMs and Templates from
vCO to orchestrate across
processes
Benefits
• Enables automated
configuration management
of vCenter VM Templates,
Online and Offline VMs
vCM
vCO REST Plugin
APIs
vCO Workflows
Check Compliance
and Enforce
Snapshot and
Deploy Patches
28. 2828
A Variety of Personas can Benefit from VCM
Infrastructure Admins
• Templatize configuration settings for vSphere Hosts and vCenters. Replicate settings
from POC to Production.
• Consolidate configuration and execute large scale change operations across multiple
vCenters and Hosts
• Use compliance to ensure internal and external standards for vSphere systems
Sys Admins
• Patch and Standardize VMs or Physical Machines
• Detect changes and drift from standard configuration
• Troubleshoot operation issues caused by mis-configurations
• Use compliance to ensure standards for VMs and Physical Machines
Security Admins
• Define Hardening and Regulatory compliance (HIPAA, PCI, etc) for VMs, vSphere and
Physical Machines
• Report on compliance status and recommend remediation for non-compliance
29. 2929
VCM supports Private, Public and Hybrid Cloud Models
Benefits
• vSphere change
management and compliance
assurance for both
Consumer and Provider
• Ability to leverage the cloud
for compliant sensitive work
loads
• Ability to manage guests
across Clouds
• Guest compliance
• Patching
• Change management
vSphere
DMZ
HIPAA
Private Cloud Public Cloud
vSphere
Consumer
Provider
VMware
Compliance visibility
across owned
infrastructure and
all guests
Compliance visibility across
owned infrastructure
32. 3333
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1315 vCloud Suite Use Cases - Control & Compliance
Group Discussions:
VCM1002-GD, VCM1004-GD
Cloud Operations with Hicham Mourad or Sam McBride