Articles in this section

Dell EMC VxRail: Recommended Security Baseline Checks

Avatar
Oz Gabriely
  • Updated

This page provides a list of recommended secure configuration checks for Dell EMC VxRail systems, and is periodically updated. VxRail is a hyper-converged appliance jointly engineered by Dell EMC and VMware.

ID System Category Configuration check
K163E000P100 Dell EMC VxRail Access Control Approved vxRail administrative users/groups
K153E00M0105 Dell EMC VxRail Access Control iDRAC account lockout
K113E000P110 Dell EMC VxRail Access Control iDRAC IP range filtering
K163E000P115 Dell EMC VxRail Access Control iDRAC management interfaces must be isolated
K163E000P120 Dell EMC VxRail Access Control iDRAC Security Banner
K163E000P125 Dell EMC VxRail Access Control IP-based storage traffic isolation
K163E000P130 Dell EMC VxRail Access Control Network traffic protection by NSX / L3 firewalls
K163E000P135 Dell EMC VxRail Access Control Session timeout
K163E000P140 Dell EMC VxRail Access Control SNMP lockout
K163EI00P145 Dell EMC VxRail Audit Expanded monitoring with auditd
K063EI00P150 Dell EMC VxRail Audit External syslog server
K163E000P155 Dell EMC VxRail Audit iDRAC Remote Syslog
K133E0000160 Dell EMC VxRail Audit NT server configuration
K163E000P165 Dell EMC VxRail Audit NTP server redundancy
K163E000P170 Dell EMC VxRail Audit NTP service status
K163E000P175 Dell EMC VxRail Authentication iDRAC LDAP configuration
K143E000P180 Dell EMC VxRail Authentication iDRAC 2-Factor Authentication
K143E00MP185 Dell EMC VxRail Authentication iDRAC Active Directory configuration
K163E000P190 Dell EMC VxRail Authentication iDRAC default passwords
K163E000P195 Dell EMC VxRail Authentication iDRAC Password policy
K163E000P200 Dell EMC VxRail Authentication iDRAC web UI default password
K163E000P205 Dell EMC VxRail Authentication Maximum password age (vxrail management accounts)
K163E000P210 Dell EMC VxRail Authentication Minimum password age (vxrail management accounts)
K163E000P215 Dell EMC VxRail Authentication SNMP authentication
K163E000P220 Dell EMC VxRail Authentication SNMP community string
K063E000P225 Dell EMC VxRail Authentication VxRail default passwords
K163E000P230 Dell EMC VxRail Configuration Management Authorized certificate issuer
K123E000P235 Dell EMC VxRail Configuration Management DNS server redundancy
K163E000P240 Dell EMC VxRail Configuration Management DNS service status
K163E0000245 Dell EMC VxRail Configuration Management iDRAC firmware
K163E000P250 Dell EMC VxRail Configuration Management Node secure boot
K183E000P255 Dell EMC VxRail Configuration Management Self-signed certificate
K163E000P260 Dell EMC VxRail Configuration Management Virtual Console plugin type
K163E00MP265 Dell EMC VxRail Configuration Management VxRail version
K163EI00P270 Dell EMC VxRail Encryption iDRAC Remote Syslog TLS
K163EI00P275 Dell EMC VxRail Encryption iDRAC Self-Signed TLS/SSL Certificate
K163EI00P280 Dell EMC VxRail Encryption iDRAC web server cipher suite strength
K143E000P285 Dell EMC VxRail Encryption iDRAC web server SSL encryption strength
K163E000P290 Dell EMC VxRail Encryption iDRAC web server TLS level
K163E000P295 Dell EMC VxRail Encryption Secure NTP settings
K163E000P300 Dell EMC VxRail Encryption Secure proxy type
K163E0000305 Dell EMC VxRail Encryption SNMP privacy
K063E000P310 Dell EMC VxRail Encryption TPM present
K163E000P315 Dell EMC VxRail Encryption Virtual Console SSL encryption
K163E000P320 Dell EMC VxRail Encryption Virtual Console Video Encryption
K183E000P325 Dell EMC VxRail Encryption Virtual Media Encryption 
K163E000P330 Dell EMC VxRail Encryption vSAN Encryption
K163E000P335 Dell EMC VxRail Encryption vSAN Health Check and public HCL connection method
K163E000P340 Dell EMC VxRail Hardening BIOS System Security
K163E000P345 Dell EMC VxRail Hardening Default iDRAC user accounts
K163E000P350 Dell EMC VxRail Hardening FIPS mode
K163E000P355 Dell EMC VxRail Hardening iDRAC FIPS mode
K163E000P360 Dell EMC VxRail Hardening iDRAC Local Configuration using iDRAC Settings
K163EI00P365 Dell EMC VxRail Hardening iDRAC Local Configuration using RACADM
K163EI00P370 Dell EMC VxRail Encryption iDRAC SSH cipher strength
K163EI0MP375 Dell EMC VxRail Encryption iDRAC SSH host key algorithms
K063E000P380 Dell EMC VxRail Encryption iDRAC SSH key exchange algorithms
K163E000P385 Dell EMC VxRail Encryption iDRAC SSH MAC strength
K163E000P390 Dell EMC VxRail Hardening iDRAC System Lockdown Mode
K163EI00P395 Dell EMC VxRail Hardening root remote login
K163E000P400 Dell EMC VxRail Hardening vSAN Health Check and public HCL state
K123E0000405 Dell EMC VxRail Monitoring Remote support configuration
K163E000P410 Dell EMC VxRail Monitoring Remote support status
K163E000P415 Dell EMC VxRail Monitoring VSAN HealthCheck configuration
K153E000P420 Dell EMC VxRail Services and Protocols HTTP status
K163E000P425 Dell EMC VxRail Services and Protocols iDRAC web server HTTP status
K163E000P430 Dell EMC VxRail Services and Protocols IPMI over LAN disabled
K163E000P435 Dell EMC VxRail Services and Protocols Lifecycle Controller enabled protocols
K163E000P440 Dell EMC VxRail Services and Protocols Serial Over LAN disabled
K163E000P445 Dell EMC VxRail Services and Protocols SNMP status
K063E000P450 Dell EMC VxRail Services and Protocols SNMP version
K163E00MP455 Dell EMC VxRail Services and Protocols Telnet Disabled
K163E000P460 Dell EMC VxRail Services and Protocols Telnet status
K123E000P465 Dell EMC VxRail Services and Protocols VxRail SaaS multi-cluster management configuration
... and more.    

NOTE: Additional security baseline checks should be performed for VMware vCenter, iDRAC, Linux and other Dell EMC VxRail components.

 

Interested to learn about StorageGuard Security Posture Management for VxRail? 

 

 

Contact us

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.