Understanding the vGW Series Compliance Module

This topic covers the Compliance module of the vGW Security Design VM, which lets you monitor the compliance of your overall system with industry standards and best practices. Additionally, you can define rules that reflect your organization’s best practices. That is, rather than using only industry best practices or standards guidelines such as PCI and HIPAA, you can define your own compliance requirements.

The Compliance Module

The Compliance module relies on a rule editor that allows you to use multiple attributes about the VMware infrastructure and associated VMs to establish criteria for each designed rule. The Compliance module supports both IPv4 and IPv6 addresses. You can use any of the vGW Series built-in compliance rules in both IPv4 and IPv6 environments.

By using compliance rules to monitor key configuration parameters, you can quickly ascertain the overall state of your virtual security system. For example, you can create a compliance rule that states that non-administrative VMs are not allowed to be connected to a specific port group.

Violation of the designated rules impacts the overall compliance state. You can view details on the violations in the reports and status pages.

The Compliance page contains two tabs: the Compliance tab and the Rules tab.

The Compliance Tab

The Compliance tab displays a compliance meter that indicates the current level of compliance for the VM or group of VMs selected in the VM tree. It also shows statistical data that was used to calculate the overall compliance level.

Figure 103: vGW Series Compliance Module

To reflect the current compliance level, the compliance meter is refreshed automatically at 60-second intervals.

If you selected a VM group in the VM tree, the compliance meter shows the overall compliance percentage for all VMs in the group. The table below the meter lists each VM by name and shows its individual compliance level.

To display the compliance rules associated with the group, click Show Rules. A table appears listing each rule. It gives the rule's name, its weight, the number of VMs that the rule applies to, and the compliance status of the rule.

If you selected a single VM in the VM Tree, the compliance meter displays the current compliance of the individual machine and the rules protecting it.
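The following sketch, added here as an illustration and not taken from vGW, models how attribute-based rules with a scope and a weight can roll up into per-VM and group compliance percentages, using the port-group rule described earlier. The attribute names, port group names, sample inventory, and the weighted-percentage formula are all assumptions; the vGW documentation on this page does not state how the meter is calculated.

```python
# Added illustration, not vGW code. Attribute names, sample data and the
# weighted-percentage formula are assumptions made for this sketch.
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class VM:
    name: str
    role: str            # hypothetical attribute, e.g. "admin" or "web"
    port_groups: tuple

@dataclass(frozen=True)
class Rule:
    name: str
    weight: int
    applies_to: Callable[[VM], bool]   # scope: which VMs the rule covers
    compliant: Callable[[VM], bool]    # criterion a covered VM must satisfy

# Constructed rules; the first mirrors the port-group example in the text.
RULES = [
    Rule("No non-admin VMs on Mgmt-PG", 5,
         lambda vm: vm.role != "admin",
         lambda vm: "Mgmt-PG" not in vm.port_groups),
    Rule("Every VM is attached to a port group", 1,
         lambda vm: True,
         lambda vm: len(vm.port_groups) > 0),
]

def vm_compliance(vm, rules=RULES):
    """Return (percent, violated rule names) for one VM."""
    scoped = [r for r in rules if r.applies_to(vm)]
    failed = [r for r in scoped if not r.compliant(vm)]
    total = sum(r.weight for r in scoped)
    lost = sum(r.weight for r in failed)
    pct = round(100.0 * (total - lost) / total, 1) if total else 100.0
    return pct, [r.name for r in failed]

def group_compliance(vms, rules=RULES):
    """Overall percent for a group, weighted over every (rule, VM) pair in scope."""
    pairs = [(r, vm) for vm in vms for r in rules if r.applies_to(vm)]
    total = sum(r.weight for r, _ in pairs)
    passed = sum(r.weight for r, vm in pairs if r.compliant(vm))
    return round(100.0 * passed / total, 1) if total else 100.0

INVENTORY = [  # constructed sample inventory
    VM("vcenter-mgmt", "admin", ("Mgmt-PG",)),
    VM("web-01", "web", ("DMZ-PG",)),
    VM("web-02", "web", ("DMZ-PG", "Mgmt-PG")),   # violates the first rule
]
```

Under these assumed weights, one violation of the heavily weighted rule takes `web-02` well below the group figure, which is the effect a rule's weight is meant to have on the meter.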

The Rules Tab

The Rules tab allows you to create and manage compliance rules. This tab lists the defined rules, showing each rule's name, its weight, and any labels associated with it. Labels group rules into categories.

Figure 104: vGW Series Compliance Module Rules Tab

You can narrow the list of rules displayed using the Filter by menu.

Note: vGW Series provides several built-in compliance rules and templates that assess the virtual infrastructure against security and hardening guidelines from VMware. These rules are also good examples for learning how the Compliance module works. You can use these built-in compliance rules in both IPv4 and IPv6 environments.

