VMware very strongly suggests TPM for all servers in tightened vSphere security guide VMware has published new and tighter security configuration guidance for its flagship vSphere private cloud suite. Virtzilla went a couple of years without a major update, then published one just after vSphere 7.0 Update 1 appeared in October 2020. Bob Plankers, a VMware technical marketing architect, announced the updated …
SENIOR Technical Marketing Architect, that is. :P
At VMware, Technical Marketing Architects are as much part of Engineering as anything. More like Developer Relations at other companies, helping all the different populations of people inside and outside VMware understand the products and each other's needs.
"without saying why VMware decided on the extra guidance."
Because it's far past time to get serious about security, Simon. We used to talk a lot about these sorts of things pre-COVID, but trapped at home it's much harder to get the message out about doubling down on basic security processes, and we needed to take a stronger stance. The nice thing about the Security Configuration Guide is that it isn't tied to compliance frameworks & auditors, so you can selectively use it or ignore it at will! But the guidance is out there now for all to see.
Why is VMWare so opposed to shell access? SSH has proven far more secure than VMWare's own services (see: slpd exploits).
And when you really need shell access to your ESXi instances is exactly when you'll be unable to enable them (over the network via web interface).
At least if they had an option under F2 on the console to turn it on and off I might consider it, but no, you can restore the whole system to defaults, but you can't turn on a console where you can do some real debugging / repairs when you need to.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
