Secure By Default – VM.disable-unexposed-features
We would like to post one very important article from Mike Foley, Senior Technical Marketing Architect at VMware about “Secure by default”.
I’m super happy to announce that we are showing more progress in our quest for “Secure By Default” for ESXi and vCenter Server. This latest update is one that is near and dear to many of you who live and breath by the Hardening Guide (now called the Security Configuration Guide in 6.5) and its many offshoots and subsets and supersets like PCI, HIPAA, DISA STIG, etc..
In ESXi 6.0 Patch 5 (see below), many of the VM.disable-unexposed-features.* settings are now set to be “Secure By Default”. Meaning, the Hardening Guide / Security Configuration Guide desired values are the default values. (see table below) You don’t have to manually set them anymore.. Not that many of you actually did have to set them to begin with.
I know that these changes are going to bring up a LOT of questions. IT folks will have to deal with their security folks. So, this post will go into a little history to help explain things and hopefully calm any nerves.
Read the entire article here, Secure By Default – VM.disable-unexposed-features
via the fine folks at opvizor.