Virtualization Compliance has become a hot topic lately, particularly in the retail environment. For that industry, a confluence of factors has come together:
The imposition of the PCI standards on the majority of merchants who process credit cards
The fact that PCI is one of the more prescriptive security standards out there, yet does not acknowledge virtualization as a technology
The growing desire for retailers to virtualize their store environments, due to the tremendous savings that can be achieved when server consolidation is leveraged across hundreds or even thousands of locations
Other standards such as HIPAA and SOX are of course top of mind for IT administrators in those respective industries, and I expect to see more direct questions from virtualization admins in those areas as time goes on.
To help answer the question, "How can I achieve compliance in my virtualized environment?", we recently launched the VMware Compliance Center. We have provided some overview information, a list of partner solutions that can help with achieving, maintaining, and demonstrating compliance, and a list of resources, including whitepapers, webcasts, and podcasts from leading vendors in this area.
I would love to hear comments from people both on what more you'd like to see in the Compliance Center and on the burning issues that you face with compliance, and maybe some tips or lessons learned that you can share with others.


Hi Charu. We have a build standard which we're working through for a project in New York, with the idea of retrospectively applying it elsewhere. Would you be up for reviewing this with the aim of making it a proven practice? It includes elements such as enabling AD authentication for SSH, external syslog servers and so on.