Data Center Virtualization Certification：VCP6.5-DCV Exam Guide

上QQ阅读APP看书，第一时间看更新

Objective 1.4 – Secure vSphere Virtual Machines

The hardening guide describes a lot of specific VM options, but, starting with ESXi 6.0 Patch 5, many of the advanced VM settings are now set to be Secure By Default.

This means that the desired values in the Security Configuration Guide are the default values for all new VMs, and you don't have to manually set them anymore.

For more information, see the blog post at https://blogs.vmware.com/vsphere/2017/06/secure-default-vm-disable-unexposed-features.html.

For virtual networking, NSX can provide a micro-segmentation capability, to enforce network security directly at the VM virtual NIC level.

Also, at VMworld 2017, a new product was announced: VMware AppDefense, a data center endpoint security product that protects applications running in virtualized environments. AppDefense works inside of the VM (compared to NSX, which only works at the network level), and understands how applications are normally supposed to work, monitoring any changes that could indicate a threat.

Objective 1.4 is totally new for VCP65-DCV, but it contains some parts of Objective 1.2, from the VCP6-DCV exam preparation guide.