Encryption at rest – Worth the effort for vSphere HCI?
Encrypting data drives makes sense on a laptop. If you turn it off and it gets lost, a key has to be provided to decrypt the data on the drives to make it readable. But what about the disks of…
Category Security
MFA for Remote Desktop
Option 1: Duo MFA for RDP (fast, easy, proven) Pros: High-level install steps: ▶ Link to official Duo guide:Duo MFA for Windows RDP – Step-by-Step Option 2: Azure MFA with NPS Extension (Microsoft “native” method) Pros: High-level install steps: ▶ Link to official Microsoft guide:Configure NPS…
UEFI Secure Boot
UEFI Secure Boot is a platform feature within the UEFI specification that ensures the system boots using only the software trusted by the hardware manufacturer. Secure Boot provides a verification mechanism in which the firmware validates a boot loader before executing…
Securing vCenter and ESXi Hosts: A VMware Architect’s Guide
In the evolving threat landscape, vCenter Server and ESXi hosts remain high-value targets in the data center. As the foundational control and compute planes of your virtual infrastructure, securing them is essential. Whether you’re operating in a regulated environment or…
Access Hierarchy in vCenter
Ever wondered how you can give a user access to some artifacts within a vCenter and then deny the same user access to other artifacts? The access hierarchy in vCenter is role-based, leveraging permissions applied at various object levels in…
Replication with Dell Recovery Point
Previously, I posted about the replication of two HCIs using array-based or vSphere-based replication. This article addresses a third way or an addition to the two previously mentioned options. Dell Recovery Point for VMs (RP4VMs) synchronizes virtual machines to destination…
Asynchronous Disaster Avoidance: vSphere or Array based replication
As I mentioned in the last article, I will write a new article about a disaster-avoidant solution I am deploying where it makes sense. Disaster avoidance in this setting means that we have a platform that is able to absorb…
Enable vSphere Native Key Provider
To enable the vSphere Native Key Provider on vSphere 8, you can follow these steps. The vSphere Native Key Provider allows encryption-related functionality without needing an external Key Management Server (KMS). The Key provider service is easy to set up…