Overview
I am going to deploy and configure a Fedora 38 Server for Secure File Transfer Protocol (SFTP). This server will be used to back up VMware vCenter Server.
Continue reading “MyLab: Secure File Transfer Protocol (SFTP) Server”

These are notes I used to study for the exam.
Continue reading “Advanced Deploy VMware vSphere® 7.x (11/16/2020)”

When I test for DISA STIG compliance, I see that they test an individual machine. I like to make a script that can test or add properties to multiple machines at a time; I find this is much more efficient.
Continue reading “PowerCLI: Multiple Virtual Machines Script”

Alert Symptoms and Definitions can be set up in Aria Operations, but they will not truly monitor the virtual machine accurately unless the virtual machines have already been secured!
A lot of the settings in the STIG do not exist by default and therefore cannot be monitored with confidence. It is very important to use a hardened template to save a lot of work. If virtual machines already exist, but have not been secured, you can use the following script (PowerCLI: Multiple Virtual Machines Script) to cut down on the level of effort by tackling more than one virtual machine at a time.
VMware Aria Operations (formerly vRealize Operations) can be used to monitor and alert on VMware vSphere 7.0 STIG compliance. This is helpful for when the environment has already been secured, but during troubleshooting, or other maintenance, the security standards were relaxed and never re-applied. Compliance drifts from the baseline are common and hard to detect without some sort of monitoring system. VMware Aria Operations can alert staff and remind them to button up the security compliance.
Continue reading “VMware Aria Operations to Monitor VMware vSphere 7.0 STIG”

This post will contain a listing of Group Policies, in no particular order, that I like to set up. For reference, I generally follow C_ for computer objects and U_ for user objects. If there is a policy that applies to both, I will use CU_.
I like to get these built before I add computer objects to the domain, but sometimes that does not happen. If you add a computer object before a policy is created, you can wait for the policy to apply by default, reboot the computer or server two times (one to obtain the policy and the other to apply), or force an update by using gpupdate on the new computer or server.
The Domain Name System, or DNS, service is probably one of the most critical services to run in a network. Setting it up in the best available configuration is just as important to ensure there is no downtime.
In my lab, I am running two Microsoft Windows Server 2022 guests with the Microsoft Active Directory Domain Services role installed. This also installs the DNS Server role.
Continue reading “MyLab: Domain Name System (DNS)”

Since I am a big fan of VMware, all of my lab will be built using VMware technology. I am using ESXi 7.0 U3 on my base host to build up a nested virtualized environment.
Continue reading “MyLab: The Virtual Machine”