This page provides a list of recommended secure configuration checks for Dell EMC VxRail systems, and is periodically updated.
VxRail is a hyper-converged appliance jointly engineered by Dell EMC and VMware.
| System | Category | Configuration check |
| Dell EMC VxRail | Access Control | Approved vxRail administrative users/groups |
| Dell EMC VxRail | Access Control | iDRAC account lockout |
| Dell EMC VxRail | Access Control | iDRAC IP range filtering |
| Dell EMC VxRail | Access Control | iDRAC management interfaces must be isolated |
| Dell EMC VxRail | Access Control | iDRAC Security Banner |
| Dell EMC VxRail | Access Control | IP-based storage traffic isolation |
| Dell EMC VxRail | Access Control | Network traffic protection by NSX / L3 firewalls |
| Dell EMC VxRail | Access Control | Session timeout |
| Dell EMC VxRail | Access Control | SNMP lockout |
| Dell EMC VxRail | Audit | Expanded monitoring with auditd |
| Dell EMC VxRail | Audit | External syslog server |
| Dell EMC VxRail | Audit | iDRAC Remote Syslog |
| Dell EMC VxRail | Audit | NT server configuration |
| Dell EMC VxRail | Audit | NTP server redundancy |
| Dell EMC VxRail | Audit | NTP service status |
| Dell EMC VxRail | Authentication | iDRAC LDAP configuration |
| Dell EMC VxRail | Authentication | iDRAC 2-Factor Authentication |
| Dell EMC VxRail | Authentication | iDRAC Active Directory configuration |
| Dell EMC VxRail | Authentication | iDRAC default passwords |
| Dell EMC VxRail | Authentication | iDRAC Password policy |
| Dell EMC VxRail | Authentication | iDRAC web UI default password |
| Dell EMC VxRail | Authentication | Maximum password age (vxrail management accounts) |
| Dell EMC VxRail | Authentication | Minimum password age (vxrail management accounts) |
| Dell EMC VxRail | Authentication | SNMP authentication |
| Dell EMC VxRail | Authentication | SNMP community string |
| Dell EMC VxRail | Authentication | VxRail default passwords |
| Dell EMC VxRail | Configuration Management | Authorized certificate issuer |
| Dell EMC VxRail | Configuration Management | DNS server redundancy |
| Dell EMC VxRail | Configuration Management | DNS service status |
| Dell EMC VxRail | Configuration Management | iDRAC firmware |
| Dell EMC VxRail | Configuration Management | Node secure boot |
| Dell EMC VxRail | Configuration Management | Self-signed certificate |
| Dell EMC VxRail | Configuration Management | Virtual Console plugin type |
| Dell EMC VxRail | Configuration Management | VxRail version |
| Dell EMC VxRail | Encryption | iDRAC Remote Syslog TLS |
| Dell EMC VxRail | Encryption | iDRAC Self-Signed TLS/SSL Certificate |
| Dell EMC VxRail | Encryption | iDRAC web server cipher suite strength |
| Dell EMC VxRail | Encryption | iDRAC web server SSL encryption strength |
| Dell EMC VxRail | Encryption | iDRAC web server TLS level |
| Dell EMC VxRail | Encryption | Secure NTP settings |
| Dell EMC VxRail | Encryption | Secure proxy type |
| Dell EMC VxRail | Encryption | SNMP privacy |
| Dell EMC VxRail | Encryption | TPM present |
| Dell EMC VxRail | Encryption | Virtual Console SSL encryption |
| Dell EMC VxRail | Encryption | Virtual Console Video Encryption |
| Dell EMC VxRail | Encryption | Virtual Media Encryption |
| Dell EMC VxRail | Encryption | vSAN Encryption |
| Dell EMC VxRail | Encryption | vSAN Health Check and public HCL connection method |
| Dell EMC VxRail | Hardening | BIOS System Security |
| Dell EMC VxRail | Hardening | Default iDRAC user accounts |
| Dell EMC VxRail | Hardening | FIPS mode |
| Dell EMC VxRail | Hardening | iDRAC FIPS mode |
| Dell EMC VxRail | Hardening | iDRAC Local Configuration using iDRAC Settings |
| Dell EMC VxRail | Hardening | iDRAC Local Configuration using RACADM |
| Dell EMC VxRail | Encryption | iDRAC SSH cipher strength |
| Dell EMC VxRail | Encryption | iDRAC SSH host key algorithms |
| Dell EMC VxRail | Encryption | iDRAC SSH key exchange algorithms |
| Dell EMC VxRail | Encryption | iDRAC SSH MAC strength |
| Dell EMC VxRail | Hardening | iDRAC System Lockdown Mode |
| Dell EMC VxRail | Hardening | root remote login |
| Dell EMC VxRail | Hardening | vSAN Health Check and public HCL state |
| Dell EMC VxRail | Monitoring | Remote support configuration |
| Dell EMC VxRail | Monitoring | Remote support status |
| Dell EMC VxRail | Monitoring | VSAN HealthCheck configuration |
| Dell EMC VxRail | Services and Protocols | HTTP status |
| Dell EMC VxRail | Services and Protocols | iDRAC web server HTTP status |
| Dell EMC VxRail | Services and Protocols | IPMI over LAN disabled |
| Dell EMC VxRail | Services and Protocols | Lifecycle Controller enabled protocols |
| Dell EMC VxRail | Services and Protocols | Serial Over LAN disabled |
| Dell EMC VxRail | Services and Protocols | SNMP status |
| Dell EMC VxRail | Services and Protocols | SNMP version |
| Dell EMC VxRail | Services and Protocols | Telnet Disabled |
| Dell EMC VxRail | Services and Protocols | Telnet status |
| Dell EMC VxRail | Services and Protocols | VxRail SaaS multi-cluster management configuration |
| ... and more. |
NOTE: Additional security baseline checks should be performed for VMware vCenter, iDRAC, Linux and other Dell EMC VxRail components.
|
Interested to learn about StorageGuard secure configuration checks for Storage and Backup systems? |
Comments
0 comments
Please sign in to leave a comment.