VI 3 Hardening Guide

VMware has produced a 31 page security hardening guide covering the different aspects of hardening the Virtual Infrastructure. 

By introducing a layer of abstraction between the physical hardware and virtualized systems running IT services, virtualization technology provides a powerful means to deliver cost savings via server consolidation as well as increased operational efficiency and flexibility. However, the added functionality introduces a virtualization layer that itself becomes a potential avenue of attack for the virtual services being hosted. Because a single host system can house multiple virtual machines, the security of that host becomes even more important.


Because it is based on a light‐weight kernel optimized for virtualization, VMware® ESX and VMware ESXi are less susceptible to viruses and other problems that affect general‐purpose operating systems. However, ESX/ESXi is not impervious to attack, and you should take proper measures to harden it, as well as the VMware VirtualCenter management server, against malicious activity or unintended damage. This paper provides recommendations for steps you can take to ensure that your VMware Infrastructure 3 environment is properly secured. The paper also explains in detail the security‐related configuration options of the components of VMware Infrastructure 3 and the consequences for security of enabling certain capabilities.

From there it goes on to give advice on all levels of securing the Virtual Infrastructure, from Virtual machines and vSwitches, over to Virtual Center Permissions, down to ESX hardening.  It is a worthwhile read and can be downloaded here.