Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
VMware vSphere 6.7 Cookbook

You're reading from   VMware vSphere 6.7 Cookbook Practical recipes to deploy, configure, and manage VMware vSphere 6.7 components

Arrow left icon
Product type Paperback
Published in Aug 2019
Publisher
ISBN-13 9781789953008
Length 570 pages
Edition 4th Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Abhilash G B Abhilash G B
Author Profile Icon Abhilash G B
Abhilash G B
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Deploying a New vSphere 6.7 Infrastructure FREE CHAPTER 2. Planning and Executing the Upgrade of vSphere 3. Configuring Network Access Using vSphere Standard Switches 4. Configuring Network Access Using vSphere Distributed Switches 5. Configuring Storage Access for Your vSphere Environment 6. Creating and Managing VMFS Datastores 7. SIOC, Storage DRS, and Profile-Driven Storage 8. Configuring vSphere DRS, DPM, and VMware EVC 9. Achieving High Availability in a vSphere Environment 10. Achieving Configuration Compliance Using vSphere Host Profiles 11. Building Custom ESXi Images Using Image Builder 12. Auto-Deploying Stateless and Stateful ESXi Hosts 13. Creating and Managing Virtual Machines 14. Upgrading and Patching Using vSphere Update Manager 15. Securing vSphere Using SSL Certificates 16. Monitoring the vSphere Infrastructure 17. Other Books You May Enjoy

Certificate management using the Hybrid approach

One of the risks involved in making a VMCA the subordinate CA is the fact that anyone with access to the PSC can regenerate Machine SSL certificates for the PSC(s) and vCenter Server(s). In other words, VMCA completely relies on the operating system it is running on, such as Windows/PhotonOS, to secure the key stores. Anyone with root access to the node that's running VMCA can easily read the certificate authorities' root certificate.

Therefore, VMware allows for a much more secure approach, which is commonly referred to as the Hybrid method. In this approach, the Machine SSL of vCenter and PSC are replaced with custom certificates from the Enterprise CA. VCMA is only used to issue certificates for the solution users and ESXi hosts.

The following diagram depicts the Hybrid approach:

The Hybrid approach is the VMware...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at R$50/month. Cancel anytime