VxRail STIG v2.1


VxRail Security Technical Implementation Guides (STIG) is a set of security configurations that addresses cybersecurity requirements specifically for VxRail. This tool will allow us to secure the VxRail appliance by securing protocols, networks, software and hardware.

It is published by the Defense Information Systems Agency (DISA).

 

It is mandated for US Government agencies and utilities. It is also used by the Defence, PharmaChem, Financial and Enterprise industries.

 

Dell is expected to GA VxRail STIG v2.1 on 28th April 2023, and it will be available for download (guide & software package) on the Dell Support site. Note that this is only supported for vSphere 7.0.

 

Assumptions before hardening

  • The scripts and hardening steps are intended to assist in hardening the environment.
  • The end-user is responsible for any accreditation documents, validation checks, and other information outside of what is included in the package.
  • Management access
    • Limited to an authorized Common Access Card (CAC)-enabled workstation
    • Located in a physically secured area and connected to the management VLAN behind a firewall
  • The system to be hardened:
    • Is deployed in a physically secured locked computer room or switch cabinet
    • Is located behind the enclave firewall
    • Will integrate with Active Directory (AD) to authenticate users
    • Will use an external log server for auditing purposes
  • Required environment info:
    • Log server IP address
      • Log Insight on the VxRail appliance can be used
      • An external log server (syslog) can also be configured
    • Network Time Protocol (NTP) servers
    • Network Configuration details:
      • Domain Name System (DNS) Server address(es)
      • Default Gateway address

 

DISA STIG Viewer:

 

STIG Workflow:

 

  1. Extract the downloaded VxRail STIG package on the workstation
  2. High-level prerequisite installations and setup:
    • A Windows workstation, with installed components:
      • A current web browser
      • PowerShell
      • PowerShell module – VMware PowerCLI
      • PowerShell module – VMware vSphere SSO Admin
      • PuTTY Plink executable
      • A secure copy utility – e.g. WinSCP
      • An SSH client – e.g. PuTTY
    • The bash script and py subdirectory transferred to the VxRail Manager VM
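
A preflight check for the workstation prerequisites and environment info listed above, as an added example that is not part of the VxRail STIG package. The function name `Test-StigPrereq`, the PowerShell Gallery module names and the sample addresses are assumptions made for illustration.

```powershell
# Added example (not from the VxRail STIG package): workstation preflight check.
function Test-StigPrereq {
    [CmdletBinding()]
    param(
        # Assumed PowerShell Gallery names for the two modules the page lists.
        [string[]]$Modules = @('VMware.PowerCLI', 'VMware.vSphere.SsoAdmin'),
        # Plink is required; WinSCP and PuTTY are only examples, so not checked.
        [string[]]$Executables = @('plink.exe'),
        # Constructed placeholder values (RFC 5737 range); replace with site data.
        [hashtable]$Addresses = @{
            LogServer = '192.0.2.10'
            DnsServer = '192.0.2.53'
            Gateway   = '192.0.2.1'
        }
    )
    # The page states no minimum version, so the PowerShell version is only reported.
    [pscustomobject]@{ Check = 'PowerShell'; Passed = $true; Detail = "$($PSVersionTable.PSVersion)" }

    foreach ($name in $Modules) {
        $mod = Get-Module -ListAvailable -Name $name |
            Sort-Object Version -Descending | Select-Object -First 1
        [pscustomobject]@{
            Check  = "Module $name"
            Passed = [bool]$mod
            Detail = $(if ($mod) { "version $($mod.Version)" } else { 'not installed' })
        }
    }
    foreach ($exe in $Executables) {
        $cmd = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        [pscustomobject]@{
            Check  = "Executable $exe"
            Passed = [bool]$cmd
            Detail = $(if ($cmd) { $cmd.Source } else { 'not on PATH' })
        }
    }
    # Syntax check only: confirms each value parses as an IP address, not that it is reachable.
    foreach ($key in $Addresses.Keys) {
        $ip = $null
        $ok = [System.Net.IPAddress]::TryParse([string]$Addresses[$key], [ref]$ip)
        [pscustomobject]@{ Check = "Address $key"; Passed = $ok; Detail = $Addresses[$key] }
    }
}

# List anything that still needs attention before starting the hardening workflow.
Test-StigPrereq | Where-Object { -not $_.Passed } | Format-Table -AutoSize
```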

Flow 1:

 

 

Flow 2:

 

VxRail STIG is fully engineered, automated and supported by Dell Technologies.
