VMware vSphere 6.7 Cookbook

You're reading from VMware vSphere 6.7 Cookbook: Practical recipes to deploy, configure, and manage VMware vSphere 6.7 components

Product type Paperback
Published in Aug 2019
Publisher
ISBN-13 9781789953008
Length 570 pages
Edition 4th Edition
Author (1):
Abhilash G B

Certificate management using the Hybrid approach

One of the risks involved in making VMCA a subordinate CA is that anyone with access to the PSC can regenerate Machine SSL certificates for the PSC(s) and vCenter Server(s). In other words, VMCA relies completely on the operating system it runs on, such as Windows or Photon OS, to secure the key stores. Anyone with root access to the node that's running VMCA can easily read the certificate authority's root certificate.

Therefore, VMware allows for a much more secure approach, commonly referred to as the Hybrid method. In this approach, the Machine SSL certificates of vCenter and the PSC are replaced with custom certificates from the Enterprise CA. VMCA is only used to issue certificates for the solution users and ESXi hosts.

The following diagram depicts the Hybrid approach:

The Hybrid approach is the VMware...
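
As an added example (not from the book and not VMware tooling), the shell functions below audit the Hybrid split described above: a Machine SSL certificate must validate against the Enterprise CA, while solution user and ESXi certificates validate against VMCA. The role names, file names and throwaway demo CAs are assumptions constructed for illustration, and the two CAs are treated as separate trust anchors.

```shell
# Added example: audit certificate issuers against the Hybrid split.
# Role names and file layout are assumptions of this sketch, not VMware tooling.

# expected_issuer ROLE: which CA should have issued a certificate of this role.
expected_issuer() {
  case "$1" in
    machine-ssl)        echo enterprise ;;  # vCenter / PSC Machine SSL
    solution-user|esxi) echo vmca ;;        # left to VMCA in the Hybrid approach
    *) return 2 ;;
  esac
}

# actual_issuer CERT ENTERPRISE_CA VMCA_CA: which trust anchor validates CERT.
actual_issuer() {
  if   openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then echo enterprise
  elif openssl verify -CAfile "$3" "$1" >/dev/null 2>&1; then echo vmca
  else echo unknown; fi
}

# audit_cert ROLE CERT ENTERPRISE_CA VMCA_CA: prints "ok" or "violation".
audit_cert() {
  want=$(expected_issuer "$1") || { echo bad-role; return 2; }
  got=$(actual_issuer "$2" "$3" "$4")
  if [ "$want" = "$got" ]; then echo ok; else echo violation; return 1; fi
}

# make_demo_pki DIR: constructed sample data (two throwaway CAs, three leaves).
make_demo_pki() {
  d=$1
  for ca in enterprise vmca; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-$ca-ca" \
      -keyout "$d/$ca.key" -out "$d/$ca.pem" >/dev/null 2>&1 || return 1
  done
  # leaf name : issuing CA (vcenter-bad models a Machine SSL cert left on VMCA)
  for pair in vcenter:enterprise vcenter-bad:vmca esxi01:vmca; do
    leaf=${pair%%:*}; ca=${pair##*:}
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$leaf.example.test" \
      -keyout "$d/$leaf.key" -out "$d/$leaf.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/$leaf.csr" -CA "$d/$ca.pem" -CAkey "$d/$ca.key" \
      -CAcreateserial -days 1 -out "$d/$leaf.pem" >/dev/null 2>&1 || return 1
  done
}
```

Against a real deployment, the certificate and CA arguments would be PEM files exported from the environment instead of the output of `make_demo_pki`.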