Control Your Physical and Virtual IT Infrastructure with VMware vCenter Configuration Manager

George Gerchow, Chief Cloud Executive ITIL, CISSP, CCNA, MCPS, SCP, VMware

Agenda
Cloud Computing and Virtualization Ride VMware Solutions for Private Cloud (ITaaS)
Key Business Drivers

What is VMware vCenter Configuration Manager

Change Management and Compliance Simulated Demo

Integrations

Competitive Differentiators

IT Management is Changing in the Cloud Era

Management and Security

Public/Private/Hybrid Cloud

Private Cloud

Infrastructure Renters (IaaS)

Security and Compliance Market Overview

$30B Worldwide in 2009 Market Size($M) in 2009 Segments We Address
Anti-Virus Network Security $9,136 (8%) Security Operations $2,987 (15%) Data Security $3,258 (19%) Identity Mgmt $3,565(20%)

Change Mgmt $4,096 (7%) Endpoint Security $3,001 $3,001 (8%)

(2%)

U.S. companies will spend $29.8B on GRC activities in 2010, up 3.9%

Application $713 Security (8%)

Source: FORRESTER, 2009

Endpoint Security Antivirus Network Security

Market Growth Rate

Market Identity Management Change & Compliance Others Size in 2012

Next Gen IT Management VMware

Get a fast & accurate datacenter view Optimize capacity for virtual infrastructure Avoid configuration drift & maintain compliance

Application Discovery Manager: Simple application dependency views, agentless & non-intrusive

VMware CapacityIQ: Eliminate waste by identifying any unused or over-allocated capacity vCenter Configuration Manager: Manage change, scale your infrastructure without adding staff, ensure compliance
Integrien: Real-time performance analytics solution analyzes and correlates data across the monitored IT infrastructure Service Manager: Federated CMDB, automated processes & workflow, self-service portal

Turn IT performance data into actionable information

Deliver self-service with control

VCM Business Benefits Summary

Compliance and Remediation to Lower Risk

Manage and Control Virtualization

Change Management to Mitigate Outages

Harden Environment to Reduce Threats and Breaches

Provisioning & Patching inline with Compliance to Eliminate Vulnerabilities

Operational Efficiency & Tool Consolidation

vCenter Configuration Manager (VCM) Solution Overview

DISCOVERY & CHANGE Discover hundreds of Physical, Virtual, OS and Application parameters to build a repository and of Configuration Information for thousands of OS instances and progressively track point in time configuration change, including file integrity monitoring`. Quickly analyze on every instance against known patches and compliance factors to understand your risk position.

ANALYZE COMPLIANCE

REPORT

Enterprise System Reporting on the optimization and security posture of all systems within the enterprise.

PLAN

Asset classification allows the analysis and reporting to quickly understand where the most value can be achieved in the shortest amount of time Decision Support. VCM has the ability to Right-Click Fix or auto remediate non-compliance or mis-configurations. Verify the remediation and optimization schedules are producing positive outcomes for the organization.

REMEDIATE

VERIFY

ANALYTICS

Lastly, leveraging Key Performance Indicators and Balanced Business Scorecards, Data Warehousing and Business Intelligence solutions are used to analyze historical results, with present conditions, to positively affect people, process and technology.

UNIX

WINDOWS

LINUX

Understanding Progressive Change

Standard Build

Actual
Build

80,000 CIs

Type: Unplanned, Uncontrolled User Changes Unapproved Admin Change Exploits Shadow IT Origin: End Users, Developers, Suppliers

New Build

Type: Planned, Controlled Updates and fixes Infrastructure changes Component patches

VMware Approach to Security and Compliance

Harden and secure the components Policies built from out-of-thebox compliance templates Harden the hypervisor configs
for ESX, network, storage, etc.

SOX

Physical Datacenter

HIPAA

FISMA & PCI CIS

Harden the hypervisor guest

VM settings
Virtual Datacenter 1

DISA

GLBA

Virtual Datacenter 2

ISO 27002
NERC/ FERC

Harden the Guest OS

Physical and Virtual
Desktop and Servers Win, UNIX, Mac

SOX & HIPAA

DISA & PCI

CIS & PCI

NIST

PCI DSS

Virtualization HardeningvCenter VMware vSphere + Guidelines

ESX Hardening

Build Gold Standards

CIS Benchmarks
Cluster B Cluster A

Save Time with Automated Patching and Provisioning

Common provisioning platform for both physical and virtual environments
Software Provisioning (Windows) Create software packages Push packages to systems & guests Tied to compliance Push software to systems out of compliance
(e.g. Anti-virus)
Provision SW

Patching to Mitigate Vulnerabilities Pull down patch bulletins for the OS vendors Assess the infrastructure for vulnerabilities Remediate - Push patches out to the guests
and systems that need them

Patch

Provision Standard Images (vSphere, Windows and Linux) Install ESX to Bare Metal Install OS in a VM Container in ESX/ESXi Install OS to Bare Metal

Provision OS

vCenter Configuration Manager Architecture

VMware Virtual Guests
(Windows, UNIX, & Linux)

Microsoft Windows
2000, 2003, 2003 R2, 2008, 2008 R2, XP Professional X86, Vista Business, Ultimate & Enterprise, Windows 7

Linux
Red Hat Enterprise Linux Server 2.1, 3, 4, 5. Red Hat Enterprise Linux Workstation 3, 4, 5 SUSE Linux Enterprise Server 9, 10, 10.2, 10.3 11.0, 11.1

Managed Code

Mac OS X
10.4, 10.5 (PPC and Intel)

Virtual Support

WAN

Managed Code
(vCM Remote) DCOM/HTTP

UNIX
AIX 4.3.3, 5.1, 5.2, 5.3, 6.1 HP-UX 11i V 1.0, 2.0 3.0 Solaris 2.6, 8, 9, 10

ESX 2.5, 3.0, 3.5 DCOM/HTTP VMware ESXi 3.5 VMware vSphere 4.0u1, 4.0u2, 4.1 HTTP VMware vCenter 4

Collector

Managed Code

vCM
Web Interface Admin Client

DBS

HTTP

Physical 64-Bit Processor Support

DMZ For Windows: Xeon64, Itanium, and AMD64 For Linux: Xeon64 and AMD64 For UNIX: Sun Sparcv9, Itanium (HP-UX), Intel64 and AMD64

64-Bit Windows Support

2003,2008, 2008 R2 XP Professional Vista: Business, Ultimate, Enterprise Windows 7 Business, Ultimate, Enterprise

vCM Architecture and Coverage

Demonstration

Understand Compliance Directly Inside vCenter

Analyze overall compliance trends across the enterprise Drill into specific VCM tab in compliance and vCenter gives configuration you easy access details for host to compliance summary data

Guest Identify specific system configuration compliance and patch violations at a details glance

Manage Patching Across the Enterprise with VCM

Report on patch-level status across the enterprise (Unix, Linux, Windows)

Select systems and patches to deploy

Centrally control patching process

Monitor and plan patching from a single location

Compliance Analysis and Remediation with VCM

View available compliance templates

Pinpoint what systems failed what checks Report on overall compliance posture

Select PCI compliance analysis results Triage vital Fix compliance issues to violations address for critical systems

Integrations

Integrating into VMware Service Manager

Need an RFC before making a Change

- Emergency Change Capability

Auto Creating an RFC then having it go through the CM process Verifying the Change was, or was not executed Change Reconciliation
Capturing out of Band Change

Improving and measuring the process

CMDB CI updates
Service Catalogue Security & Compliance

The Reboot

Selected all Machines Out of Band!

Trail of Guilt.

Turn on Service Desk Integration

Pebcak, Lets Get the Party Started

Typical Pebkac Scenerio

ID10T calls Service Desk, cannot access Server

Reporting is not enough, roll that sucka back

Un-Planned Change Real World Example

7:30am Exchange Server Blue Screen of Death Called by Exec VP of Operations
Mission Critical Application

No CM record found within Service Desk

What happened?

Recovery Plan Established at 8:30am Rebuild OS, load app and back up files from tape ETA 6+ hours

Un-Planned Change Real World Example Continued

What about the Technical Controls Change Log? (8:35am) Found a new network driver was installed Safe Mode login, uninstalled drive Exchange Server restored in 5 minutes Provided Factual Report to Senior Management Established credibility, saved time & $$$$$

Visibility & Accountability

Security and the Impact of Change

Dependencies of Change

Virtualization & Cloud Management Competitive Differentiators

Compliance Content, Automation Virtualization Enablement Closed Loop Change Management

Agentless Discovery of Application Dependencies

ITSM Process, CMDB, Service Catalog Product Integrations

Thank You
This webcast has been recorded and a link to the on-demand version will be sent to you in a follow-up e-mail along with a PDF copy of the slides.

For more webcast information, please visit www.vmware.com/go/webcasts Follow us on Twitter at www.twitter.com/vmwareevents