
VMware® Infrastructure Planner Security Whitepaper

Understanding the security and privacy features of VMware Infrastructure Planner

TECHNICAL WHITE PAPER

Table of Contents

Executive Summary
Introduction
    Sharing Your Information
    Location of Infrastructure Data
Data Transport Security
    Initial Configuration
        vCenter Server Administrative User
        Principle of Least Privilege
        Connect to vCenter
        vCenter Server and SSL
        vCenter SSL Certificate Example
        vCenter Operations Root User
        VSAN Qualification Assessment
    Infrastructure Planner to VMware
        Encrypting data at rest
        Secure Connection to VMware
        Proxy Configuration
        Data Collection
Security Assessment
    How does VMware develop and test its software for security?
Conclusion

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

Executive Summary

The purpose of this whitepaper is to provide key security information regarding the VMware Infrastructure Planner to security professionals in order to help them evaluate the product.

Introduction

Infrastructure Planner helps customers understand the savings opportunities available to them if they deploy the vCloud Suite and other VMware Software-Defined Datacenter offerings. It does this by:

1. Identifying specific resource savings

2. Estimating the total savings potentials in real-world currency

3. Summarizing and sharing via online or downloadable summary reports

If you have questions or concerns about submitting your Infrastructure Data or otherwise using Infrastructure Planner, you should consult your legal counsel.

Sharing Your Information

VMware may share Infrastructure Data with its designated partner resellers to the extent needed to deliver VMware Infrastructure Planner’s benefits and services or to otherwise support your business needs. VMware will only provide this data to partners who are directly working with the VMware Infrastructure Planner tool to facilitate the sales opportunity with their customers. VMware will not share the data with 3rd party partners who are not directly involved with the sales opportunity. VMware is not in the business of selling or renting your information to others and will not share your Infrastructure Data with other third parties without your permission, unless required by, or in connection with, law enforcement action, subpoena or other litigation, applicable law or in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business, or within the group of affiliated VMware companies, if and to the extent legally permissible.

Location of Infrastructure Data

Information collected by VMware Infrastructure Planner may be transferred, stored and processed by VMware in the United States or any other country in which VMware or its affiliates, subsidiaries or service providers maintain facilities. While the VMware Infrastructure Planner application and data are hosted in the United States, its data might go outside of the United States to be used by the VMware Infrastructure Planner Support or Engineering Teams who are located in VMware Support Centers around the world.

Data Transport Security

Three connections are secured using SSL.

1. SSL between VMware Infrastructure Planner Collector Appliance and vCenter Server using the vCenter SSL certificate

2. SSH and SSL between VMware Infrastructure Planner Collector Appliance and vCenter Operations Manager

3. SSL between VMware Infrastructure Planner Collector Appliance and the VMware Infrastructure Planner Portal hosted by VMware using a trusted SSL certificate

This section will go over all connections and describe the flow and technical aspects of these connections.

Figure 1


Initial Configuration

vCenter Server Administrative User

As part of the setup, a vCenter administrative user is required. This requirement is because Infrastructure Planner needs an account with elevated privileges to register the vCenter Operations Manager instance to vCenter Server.

Principle of Least Privilege

If a least-privileged method of access to vCenter is required, the following steps are recommended:

1. Create a Role in vCenter that conforms to the requirements of a vCenter Operations Manager. These privileges should be Global: Licenses and Extension: Register extension, unregister extension, update extension and vCenter Operations Manager User. See Figure 2.

2. Create a service account and assign this new role to the account.

3. Use this username and password to connect the Infrastructure Planner Appliance to vCenter.


Figure 2

Connect to vCenter

During configuration of the Infrastructure Planner appliance, you are prompted for three items to establish the connection to vCenter Server.

1. The FQDN or IP Address of the vCenter server

2. A user account with vCenter administrator privileges

3. The password for the user account

Using these credentials, the VMware Infrastructure Planner Appliance then makes a connection to the vCenter API web service via an SSL connection. The SSL certificate used in this case is the one presented by the vCenter Server.


Figure 3

vCenter Server and SSL

The vCenter server SSL certificate is accepted automatically by the Infrastructure Planner Appliance whether the certificate presented is trusted or self-signed. The SSL fingerprint used by the connection is trusted for future connections. A fingerprint (also known as a “thumbprint”) is a cryptographic hash of a certificate. The fingerprint is used to quickly determine if a presented certificate is the same as another certificate, such as the certificate that was accepted previously. Reference VMware documentation or KnowledgeBase articles for locations of the vCenter SSL certificate or connect to the vCenter server via a web browser and examine the SSL certificate presented. An example is provided below.


vCenter SSL Certificate Example

Figure 4

There you will also find the algorithm used to encrypt the certificate. You may change the certificate(s) using the vSphere documentation and the vSphere SSL Certificate Automation Tool. Reference VMware documentation or KnowledgeBase articles for more information on the vSphere SSL Certificate Automation Tool.
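The fingerprint comparison described under "vCenter Server and SSL" above can be sketched as follows. This is an added example, not VMware's code: the `PinStore` class, the host name and the certificate bytes are hypothetical and constructed for illustration, and the optional `expected` argument models a fingerprint that an administrator obtained separately (for instance from the browser view in Figure 4).

```python
import hashlib
import hmac
import re
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_A = b"constructed-der-bytes-for-original-vcenter-certificate"
CERT_B = b"constructed-der-bytes-for-replacement-certificate"


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the certificate a live server presents, without validating it."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def fingerprint(der_cert: bytes, algorithm: str = "sha256") -> str:
    """A fingerprint is a hash over the certificate's DER bytes."""
    return hashlib.new(algorithm, der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'AB CD ..' or plain hex; return lowercase hex."""
    cleaned = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint is not hexadecimal")
    return cleaned


class PinStore:
    """Hypothetical trust-on-first-use store: one pinned fingerprint per host."""

    def __init__(self):
        self._pins = {}

    def check(self, host, der_cert, expected=None):
        seen = fingerprint(der_cert)
        # Optional value obtained out of band by an administrator.
        if expected is not None and not hmac.compare_digest(seen, normalize(expected)):
            return "mismatch-out-of-band"
        pinned = self._pins.get(host)
        if pinned is None:
            self._pins[host] = seen  # first use: nothing to compare against
            return "pinned-verified" if expected is not None else "pinned-unverified"
        # Later connections: any change in the presented certificate is surfaced.
        return "match" if hmac.compare_digest(seen, pinned) else "changed"


if __name__ == "__main__":
    store = PinStore()
    for cert in (CERT_A, CERT_A, CERT_B):
        print(store.check("vcenter.example.test", cert))
```

A `pinned-unverified` result means the first certificate was accepted with nothing to compare it against; supplying a fingerprint read directly from the vCenter server closes that gap.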

vCenter Operations Root User

During setup, you are prompted to set up the connection between vCenter Operations Manager and VMware Infrastructure Planner. To make this connection, you are again prompted for four things.

1. The FQDN or IP Address of the vCenter Operations Manager UI virtual machine

2. A Username with “Root” privileges on the vCenter Operations Manager virtual machine

3. The password of the Username with “Root” privileges

4. A checkbox that asks if you have previously registered vCenter Operations Manager with the vCenter Servers

Figure 5

The Root user is used to register the bundled copy of VMware vCenter Operations Manager and automatically set it up to work with your vCenter Server(s). When you already have a VMware vCenter Operations Manager instance running, the Root account is used to verify settings.


VSAN Qualification Assessment

VSAN Qualification Assessment is a special type of assessment available in VIP 2.0 to determine if a particular workload (virtual machine) is suitable for VSAN based on its IO characteristics. This assessment requires additional connectivity between the VIP Collector and the ESXi hosts in the environment. During the configuration phase, the VIP collector issues commands through the esxcli interface to install a new VIB on each ESXi host needed for the collection. No additional software is installed on the ESXi system. The VIB is a simple wrapper to enable an existing vscsiStats command. This VIB makes it possible for the VIP collector to assess the IO characteristics of each workload by issuing various vscsiStats commands to retrieve histogram reports and IO trace data.

During the VIB installation phase, each applicable ESXi host downloads the VIB from the collector appliance via HTTP on port 80. The VIB itself was signed at VMwareCertified level to prevent unauthorized software from running on the ESXi host.

Infrastructure Planner to VMware

Encrypting data at rest

Data collected by the VMware Infrastructure Planner appliance is stored unencrypted on the Appliance prior to upload to VMware.

Secure Connection to VMware

After data is collected locally by the Infrastructure Planner Appliance, it is sent over an SSL connection to the VMware Infrastructure Planner Portal. A trusted SSL certificate is used to encrypt the SSL connection. The Infrastructure Planner virtual machine does not have a local copy of the SSL certificate. It uses the SSL handshake and a Trusted Root CA (Certificate Authority) store to verify the SSL certificate, not unlike an SSL connection via a web browser.

Proxy Configuration

The use of a proxy server for the VMware Infrastructure Planner to connect through a corporate firewall is supported. This is done during the initial setup of the VMware Infrastructure Planner Appliance.

Figure 6

Data Collection

The vSphere Infrastructure Planner uploads information from vCenter Server and the ESXi hosts. Up to date information on the exact data and types that are uploaded is available at https://vip.vmware.com/help/privacy/datapoints

Security Assessment

How does VMware develop and test its software for security?

VMware uses a number of techniques during its software development cycle to improve upon the security of its products. These standard techniques include Threat Modeling, Static Code Analysis, Incident Response Planning, and Penetration Testing using both internal and external security expertise. VMware has an established software security engineering group that integrates these techniques into the software development cycle, provides security expertise, guidance on the latest security threats and defensive techniques, and training within the development organization. This group is also responsible for driving VMware products through external security accreditations and certifications. VMware is an active participant in the BSIMM industry software security forum: http://bsimm.com/

Conclusion

Data security and privacy is VMware’s foremost concern. As such, we have built high levels of security and privacy features from limiting account privileges to using SSL for all data transfers. VMware Infrastructure Planner has been subjected to rigorous internal audits and external penetration testing. We will continue listening to customer feedback and enhancing these features as appropriate. Customers should use the VMware Infrastructure Planner customer support email address [email protected] to provide us with that feedback.