This page provides a list of recommended secure configuration checks for Dell VxRail systems, and is periodically updated. VxRail is a hyper-converged appliance jointly engineered by Dell EMC and VMware.
Interested to learn about StorageGuard Benchmark Checks for VxRail? |
||
|
|
ID | System | Category | Configuration check |
K163E000P100 | Dell VxRail | Access Control | Approved vxRail administrative users/groups |
K153E00M0105 | Dell VxRail | Access Control | iDRAC account lockout |
K113E000P110 | Dell VxRail | Access Control | iDRAC IP range filtering |
K163E000P115 | Dell VxRail | Access Control | iDRAC management interfaces must be isolated |
K163E000P120 | Dell VxRail | Access Control | iDRAC Security Banner |
K163E000P125 | Dell VxRail | Access Control | IP-based storage traffic isolation |
K163E000P130 | Dell VxRail | Access Control | Network traffic protection by NSX / L3 firewalls |
K163E000P135 | Dell VxRail | Access Control | Session timeout |
K163E000P140 | Dell VxRail | Access Control | SNMP lockout |
K163EI00P145 | Dell VxRail | Audit | Expanded monitoring with auditd |
K063EI00P150 | Dell VxRail | Audit | External syslog server |
K163E000P155 | Dell VxRail | Audit | iDRAC Remote Syslog |
K133E0000160 | Dell VxRail | Audit | NT server configuration |
K163E000P165 | Dell VxRail | Audit | NTP server redundancy |
K163E000P170 | Dell VxRail | Audit | NTP service status |
K163E000P175 | Dell VxRail | Authentication | iDRAC LDAP configuration |
K143E000P180 | Dell VxRail | Authentication | iDRAC 2-Factor Authentication |
K143E00MP185 | Dell VxRail | Authentication | iDRAC Active Directory configuration |
K163E000P190 | Dell VxRail | Authentication | iDRAC default passwords |
K163E000P195 | Dell VxRail | Authentication | iDRAC Password policy |
K163E000P200 | Dell VxRail | Authentication | iDRAC web UI default password |
K163E000P205 | Dell VxRail | Authentication | Maximum password age (vxrail management accounts) |
K163E000P210 | Dell VxRail | Authentication | Minimum password age (vxrail management accounts) |
K163E000P215 | Dell VxRail | Authentication | SNMP authentication |
K163E000P220 | Dell VxRail | Authentication | SNMP community string |
K063E000P225 | Dell VxRail | Authentication | VxRail default passwords |
K163E000P230 | Dell VxRail | Configuration Management | Authorized certificate issuer |
K123E000P235 | Dell VxRail | Configuration Management | DNS server redundancy |
K163E000P240 | Dell VxRail | Configuration Management | DNS service status |
K163E0000245 | Dell VxRail | Configuration Management | iDRAC firmware |
K163E000P250 | Dell VxRail | Configuration Management | Node secure boot |
K183E000P255 | Dell VxRail | Configuration Management | Self-signed certificate |
K163E000P260 | Dell VxRail | Configuration Management | Virtual Console plugin type |
K163E00MP265 | Dell VxRail | Configuration Management | VxRail version |
K163EI00P270 | Dell VxRail | Encryption | iDRAC Remote Syslog TLS |
K163EI00P275 | Dell VxRail | Encryption | iDRAC Self-Signed TLS/SSL Certificate |
K163EI00P280 | Dell VxRail | Encryption | iDRAC web server cipher suite strength |
K143E000P285 | Dell VxRail | Encryption | iDRAC web server SSL encryption strength |
K163E000P290 | Dell VxRail | Encryption | iDRAC web server TLS level |
K163E000P295 | Dell VxRail | Encryption | Secure NTP settings |
K163E000P300 | Dell VxRail | Encryption | Secure proxy type |
K163E0000305 | Dell VxRail | Encryption | SNMP privacy |
K063E000P310 | Dell VxRail | Encryption | TPM present |
K163E000P315 | Dell VxRail | Encryption | Virtual Console SSL encryption |
K163E000P320 | Dell VxRail | Encryption | Virtual Console Video Encryption |
K183E000P325 | Dell VxRail | Encryption | Virtual Media Encryption |
K163E000P330 | Dell VxRail | Encryption | vSAN Encryption |
K163E000P335 | Dell VxRail | Encryption | vSAN Health Check and public HCL connection method |
K163E000P340 | Dell VxRail | Hardening | BIOS System Security |
K163E000P345 | Dell VxRail | Hardening | Default iDRAC user accounts |
K163E000P350 | Dell VxRail | Hardening | FIPS mode |
K163E000P355 | Dell VxRail | Hardening | iDRAC FIPS mode |
K163E000P360 | Dell VxRail | Hardening | iDRAC Local Configuration using iDRAC Settings |
K163EI00P365 | Dell VxRail | Hardening | iDRAC Local Configuration using RACADM |
K163EI00P370 | Dell VxRail | Encryption | iDRAC SSH cipher strength |
K163EI0MP375 | Dell VxRail | Encryption | iDRAC SSH host key algorithms |
K063E000P380 | Dell VxRail | Encryption | iDRAC SSH key exchange algorithms |
K163E000P385 | Dell VxRail | Encryption | iDRAC SSH MAC strength |
K163E000P390 | Dell VxRail | Hardening | iDRAC System Lockdown Mode |
K163EI00P395 | Dell VxRail | Hardening | root remote login |
K163E000P400 | Dell VxRail | Hardening | vSAN Health Check and public HCL state |
K123E0000405 | Dell VxRail | Monitoring | Remote support configuration |
K163E000P410 | Dell VxRail | Monitoring | Remote support status |
K163E000P415 | Dell VxRail | Monitoring | VSAN HealthCheck configuration |
K153E000P420 | Dell VxRail | Services and Protocols | HTTP status |
K163E000P425 | Dell VxRail | Services and Protocols | iDRAC web server HTTP status |
K163E000P430 | Dell VxRail | Services and Protocols | IPMI over LAN disabled |
K163E000P435 | Dell VxRail | Services and Protocols | Lifecycle Controller enabled protocols |
K163E000P440 | Dell VxRail | Services and Protocols | Serial Over LAN disabled |
K163E000P445 | Dell VxRail | Services and Protocols | SNMP status |
K063E000P450 | Dell VxRail | Services and Protocols | SNMP version |
K163E00MP455 | Dell VxRail | Services and Protocols | Telnet Disabled |
K163E000P460 | Dell VxRail | Services and Protocols | Telnet status |
K123E000P465 | Dell VxRail | Services and Protocols | VxRail SaaS multi-cluster management configuration |
... and more. |
NOTE: Additional security baseline checks should be performed for VMware vCenter, iDRAC, Linux and other Dell VxRail components.
Interested to learn about StorageGuard Security Posture Management for VxRail?
|
||
|
|
Comments
0 comments
Please sign in to leave a comment.