This page provides a list of recommended secure configuration checks for Dell EMC VxRail systems, and is periodically updated.
VxRail is a hyper-converged appliance jointly engineered by Dell EMC and VMware.
System | Category | Configuration check |
Dell EMC VxRail | Access Control | Approved VxRail administrative users/groups |
Dell EMC VxRail | Access Control | iDRAC account lockout |
Dell EMC VxRail | Access Control | iDRAC IP range filtering |
Dell EMC VxRail | Access Control | iDRAC management interfaces must be isolated |
Dell EMC VxRail | Access Control | iDRAC Security Banner |
Dell EMC VxRail | Access Control | IP-based storage traffic isolation |
Dell EMC VxRail | Access Control | Network traffic protection by NSX / L3 firewalls |
Dell EMC VxRail | Access Control | Session timeout |
Dell EMC VxRail | Access Control | SNMP lockout |
Dell EMC VxRail | Audit | Expanded monitoring with auditd |
Dell EMC VxRail | Audit | External syslog server |
Dell EMC VxRail | Audit | iDRAC Remote Syslog |
Dell EMC VxRail | Audit | NTP server configuration |
Dell EMC VxRail | Audit | NTP server redundancy |
Dell EMC VxRail | Audit | NTP service status |
Dell EMC VxRail | Authentication | iDRAC LDAP configuration |
Dell EMC VxRail | Authentication | iDRAC 2-Factor Authentication |
Dell EMC VxRail | Authentication | iDRAC Active Directory configuration |
Dell EMC VxRail | Authentication | iDRAC default passwords |
Dell EMC VxRail | Authentication | iDRAC Password policy |
Dell EMC VxRail | Authentication | iDRAC web UI default password |
Dell EMC VxRail | Authentication | Maximum password age (VxRail management accounts) |
Dell EMC VxRail | Authentication | Minimum password age (VxRail management accounts) |
Dell EMC VxRail | Authentication | SNMP authentication |
Dell EMC VxRail | Authentication | SNMP community string |
Dell EMC VxRail | Authentication | VxRail default passwords |
Dell EMC VxRail | Configuration Management | Authorized certificate issuer |
Dell EMC VxRail | Configuration Management | DNS server redundancy |
Dell EMC VxRail | Configuration Management | DNS service status |
Dell EMC VxRail | Configuration Management | iDRAC firmware |
Dell EMC VxRail | Configuration Management | Node secure boot |
Dell EMC VxRail | Configuration Management | Self-signed certificate |
Dell EMC VxRail | Configuration Management | Virtual Console plugin type |
Dell EMC VxRail | Configuration Management | VxRail version |
Dell EMC VxRail | Encryption | iDRAC Remote Syslog TLS |
Dell EMC VxRail | Encryption | iDRAC Self-Signed TLS/SSL Certificate |
Dell EMC VxRail | Encryption | iDRAC web server cipher suite strength |
Dell EMC VxRail | Encryption | iDRAC web server SSL encryption strength |
Dell EMC VxRail | Encryption | iDRAC web server TLS level |
Dell EMC VxRail | Encryption | Secure NTP settings |
Dell EMC VxRail | Encryption | Secure proxy type |
Dell EMC VxRail | Encryption | SNMP privacy |
Dell EMC VxRail | Encryption | TPM present |
Dell EMC VxRail | Encryption | Virtual Console SSL encryption |
Dell EMC VxRail | Encryption | Virtual Console Video Encryption |
Dell EMC VxRail | Encryption | Virtual Media Encryption |
Dell EMC VxRail | Encryption | vSAN Encryption |
Dell EMC VxRail | Encryption | vSAN Health Check and public HCL connection method |
Dell EMC VxRail | Hardening | BIOS System Security |
Dell EMC VxRail | Hardening | Default iDRAC user accounts |
Dell EMC VxRail | Hardening | FIPS mode |
Dell EMC VxRail | Hardening | iDRAC FIPS mode |
Dell EMC VxRail | Hardening | iDRAC Local Configuration using iDRAC Settings |
Dell EMC VxRail | Hardening | iDRAC Local Configuration using RACADM |
Dell EMC VxRail | Encryption | iDRAC SSH cipher strength |
Dell EMC VxRail | Encryption | iDRAC SSH host key algorithms |
Dell EMC VxRail | Encryption | iDRAC SSH key exchange algorithms |
Dell EMC VxRail | Encryption | iDRAC SSH MAC strength |
Dell EMC VxRail | Hardening | iDRAC System Lockdown Mode |
Dell EMC VxRail | Hardening | root remote login |
Dell EMC VxRail | Hardening | vSAN Health Check and public HCL state |
Dell EMC VxRail | Monitoring | Remote support configuration |
Dell EMC VxRail | Monitoring | Remote support status |
Dell EMC VxRail | Monitoring | vSAN Health Check configuration |
Dell EMC VxRail | Services and Protocols | HTTP status |
Dell EMC VxRail | Services and Protocols | iDRAC web server HTTP status |
Dell EMC VxRail | Services and Protocols | IPMI over LAN disabled |
Dell EMC VxRail | Services and Protocols | Lifecycle Controller enabled protocols |
Dell EMC VxRail | Services and Protocols | Serial Over LAN disabled |
Dell EMC VxRail | Services and Protocols | SNMP status |
Dell EMC VxRail | Services and Protocols | SNMP version |
Dell EMC VxRail | Services and Protocols | Telnet Disabled |
Dell EMC VxRail | Services and Protocols | Telnet status |
Dell EMC VxRail | Services and Protocols | VxRail SaaS multi-cluster management configuration |
... and more. |
NOTE: Additional security baseline checks should be performed for VMware vCenter, iDRAC, Linux and other Dell EMC VxRail components.