As part of my job as a consultant at VMware, I get to deliver Health Check & Architecture Review engagements on a regular basis. I have found quite a few best practices that are generally missed by most, and thought to document the top 5 here for everyone to benefit. Maybe on the next round more enterprises will pass these best-practice checks. The list below is not ordered in any manner; it is just how they happened to come to mind, and all of them are important best practices to follow unless you have a strong reason not to.
1- Change the port group security settings ForgedTransmits and MACAddressChanges from their defaults to Reject unless the application requires the defaults. Also ensure promiscuous mode keeps its default setting of Reject unless your application requires it. Setting all of these to Reject increases the security of your environment: the last thing you want to allow is someone forging transmitted packets on your network, or a compromised VM claiming to be someone else, crashing another VM and receiving packets meant to be sent to it. Even worse, if promiscuous mode is set to Accept, a VM can sniff all the data flowing on that particular port group.…
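
One way to check this setting across an environment, as an added example that is not part of the original post: a PowerCLI script that reports every standard vSwitch port group where any of the three policies is still Accept and, when asked, sets them to Reject. It assumes VMware PowerCLI is installed and `Connect-VIServer` has already been run; the `$Exceptions` allowlist and the `-Remediate` switch are hypothetical names introduced here, and distributed switch port groups are not covered.

```powershell
# Added example: audit (and optionally fix) standard port group security policy.
# Assumes an existing PowerCLI session (Connect-VIServer already run).
param(
    # Hypothetical allowlist: port groups whose application needs Accept.
    [string[]]$Exceptions = @(),
    # Without this switch the script only reports.
    [switch]$Remediate
)

$findings = foreach ($vmhost in Get-VMHost) {
    foreach ($pg in Get-VirtualPortGroup -VMHost $vmhost -Standard) {
        # Effective policy of the port group (inherited or overridden).
        $policy = Get-SecurityPolicy -VirtualPortGroup $pg

        $accepting = @()
        if ($policy.AllowPromiscuous) { $accepting += 'PromiscuousMode' }
        if ($policy.ForgedTransmits)  { $accepting += 'ForgedTransmits' }
        if ($policy.MacChanges)       { $accepting += 'MACAddressChanges' }
        if ($accepting.Count -eq 0) { continue }

        $status = 'NeedsReview'
        if ($Exceptions -contains $pg.Name) {
            # Documented exception: report it, never change it.
            $status = 'AllowedException'
        }
        elseif ($Remediate) {
            # Override at port group level so all three settings are Reject.
            $policy | Set-SecurityPolicy -AllowPromiscuous $false `
                -ForgedTransmits $false -MacChanges $false -Confirm:$false |
                Out-Null
            $status = 'SetToReject'
        }

        [pscustomobject]@{
            VMHost    = $vmhost.Name
            PortGroup = $pg.Name
            Accepting = $accepting -join ', '
            Status    = $status
        }
    }
}

# One row per port group that had at least one policy set to Accept.
$findings | Sort-Object VMHost, PortGroup | Format-Table -AutoSize
```

Run it once without `-Remediate` to get the report, confirm each listed port group against the applications that use it, then rerun with the confirmed exceptions passed in `-Exceptions`.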