With VMworld 2014 just a week away, we wanted to showcase a special VMware announcement this week. Introducing, advanced capabilities in VMware hypervisor environments coming with the Secret Server 8.7 release. This week’s post is a deep dive into the new ESX/ESXi discovery capabilities. Learn how your team can automatically discover and begin to manage your ESX/ESXi passwords with Secret Server.
The ability to automate the discovery of local accounts on VMware ESX and easily update root passwords provides organizations the ability to control and secure their diverse set of servers and environments. Enhanced support for VMware ESX and ESXi brings real-time visibility and monitoring for enterprises as they move to virtual environments.
Why is Discovery Important?
As an obvious reason, discovering new accounts on your network will save a ton of time by automating the Secret creation process, but Discovery also has security implications. When Secret Server is configured to discover new accounts, it gives you added protection by checking your network, and if there are new accounts, Secret Server can take them over by importing them and resetting their password to a new value that meets your security policy. This way, if someone is setting up rogue accounts on the network, they won’t be able to use those accounts very long. For added security, you can look at Discovery Reports to view an audit of Discovery activity.
Getting Started: ESX Discovery
Through the new Discovery Sources page, creating a new ESX Discovery Source is as simple as selecting it from the dropdown menu. Doing so launches the user straight into the new Discovery Source Wizard, which is a step-by-step user-friendly walkthrough of the settings available for ESX Discovery.
Advanced users can skip the wizard and move on to a single page of settings that offer a wider range of customization than the Wizard.
In order to set up ESX Discovery, the user needs only to provide a name for the Discovery Source, the IP address(es) or hostnames to the ESX server(s), and a Secret whose credentials will be used to log into the ESX server and scan for accounts. By default, ESX Discovery runs on port 443 (HTTPS).
Importing ESX/ESXi Secrets
After Discovery is complete and the accounts are found, they can be imported as VMware ESX/ESXi Secrets. The default naming convention for them is the IP address or hostname given on the Discovery Source followed by a slash and the account’s username, but if an IP address is given, Secret Server will attempt to resolve the hostname via DNS and if successful will use the acquired hostname instead.
VMworld 2014 Showcase
Get a sneak preview of Secret Server 8.7 at VMworld booth 611. If you are not attending VMworld 2014, watch out for more blog posts about Secret Server 8.7. We can’t wait to see you all next week in San Francisco. Safe travels everyone!
Latest posts by Thycotic Team (see all)
- Predicting Potential Threat: Behavior Analytics & Threat Modeling - October 21, 2014
- (Video) Are You Following Password Best Practices? - September 23, 2014
- What is a smart grid and why should I care about it? - September 16, 2014