Our Comment VMware/Security: Opvizor OpBot cool but scary?
We totally agree, as there is no 100% protection against misconfiguration or staff who go rogue. Therefore, it’s important to keep the management platforms audited and segmented.
We build our products with all security in mind. OpBot also allows you to use on-premise chat, blacklist commands, or disable certain modules. Furthermore, we have integrations for two-factor authentication if needed. So if you want to use OpBot for read-only actions only, never configure a vCenter user with more permissions. To leverage full functionality, just let us know and we can help you reduce permissions to the required minimum.
Nevertheless, as Chris mentioned, more and more tools are being built and released to simplify DevOps and Ops and to allow remote access using your mobile. You can ignore it for some time, but it will be a requirement of the future workspace. Check out the products mentioned, like HyTrust CloudControl, NSX, and so on, to make sure your environment is ready for the future.
Thank you very much for this post, Chris, and please find some additional information here.
You can find more information about OpBot here
Here is Chris’ consideration about OpBot and security: First off, OpBot from Opvizor makes it very clear that you should only grant its integration account read-only access. You can do ‘destructive’ PowerCLI commands by passing login info via Slack, but that is also not recommended. As much as they have created an immensely useful tool, it also is somewhat of a Pandora’s box. It’s brought to light a security hole that can be difficult to secure at scale. Currently Opvizor is the only one that I know of that makes this type of appliance, but that doesn’t stop the many possible clones of this type of tech.
via the fine folks at opvizor.