Overview
These are notes I used to study for the exam.
Continue reading “Advanced Deploy VMware vSphere® 7.x (11/16/2020)”PowerCLI: Multiple Virtual Machines Script
Overview
When I test for DISA STIG compliance, I see that they test an individual machine. I like to make a script that can test or add properties to multiple machines at a time; I find this is much more efficient.
Continue reading “PowerCLI: Multiple Virtual Machines Script”VMware Aria Operations to Monitor VMware vSphere 7.0 STIG
Important!
Alert Symptoms and Definitions can be set up in Aria Operations, but they will not truly monitor the the virtual machine accurately unless the virtual machines have already been secured!
A lot of the settings in the STIG do not exist by default and therefore cannot be monitored with confidence. It is very important to use a hardened template to save a lot of work. If virtual machines already exist, but have not been secured, you can use the following script (PowerCLI: Multiple Virtual Machines Script) to cut down on the level of effort by tackling more than one virtual machine at a time.
Overview
VMware Aria Operations (formerly vRealize Operations) can be used to monitor and alert on VMware vSphere 7.0 STIG compliance. This is helpful for when the environment has already been secured, but during troubleshooting, or other maintenance, the security standards were relaxed and never re-applied. Compliance drifts from the baseline are common and hard to detect without some sort of monitoring system. VMware Aria Operations can alert staff and remind them to button up the security compliance.
Continue reading “VMware Aria Operations to Monitor VMware vSphere 7.0 STIG”MyLab: Group Policy Objects
Overview
This post will contain a listing of Group Policies, in no particular order, that I like to set up. For reference, I generally follow C_ for computer objects and U_ for user objects. If there is a policy that applies to both, I will use CU_.
I like to get these built before I add computer objects to the domain, but sometimes that does not happen. If you add a computer object before a policy is created, you can wait for the policy to apply by default, reboot the computer or server two times (one to obtain the policy and the other to apply), or force an update by using gpupdate on the new computer or server.
MyLab: Domain Name System (DNS)
Overview
The Domain Name System, or DNS, service is probably one of the most critical services to run in a network. Setting it up in the best available configuration is just as important to ensure there is no downtime.
In my lab, I am running two Microsoft Windows Server 2022 guests with the Microsoft Active Directory Domain Services role installed. This also installs the DNS Server role.
MyLab: The Virtual Machine
Overview
Since I am a big fan of VMware, all of my lab will be built using VMware technology. I am using ESXi 7.0 U3 on my base host to build up a nested virtualized environment.
Continue reading “MyLab: The Virtual Machine”MyLab: Microsoft Remote Desktop Session Host (RDSH)
Overview
I am choosing to install Microsoft Remote Desktop Session Host servers to host published applications. I am going to use an automated farm which means there will be a virtual machine that will act as a single “golden image” and will be replicated to more than one. This eases management when installing new applications and updating previously installed applications.
Continue reading “MyLab: Microsoft Remote Desktop Session Host (RDSH)”