VMware software is used worldwide to securely and reliably host hundreds of millions of virtual machines. This repository contains technical security guidance, code samples, and other information designed to ease system design, system hardening, and regulatory compliance efforts. This guidance focuses on VMware Cloud Foundation and VMware vSphere Foundation.
Note
This repository is a work-in-progress as content is moved from other parts of legacy VMware sites. Thank you for your patience during this transition.
The permanent link https://bit.ly/vcf-security is being maintained as VMware documentation is assimilated into Broadcom. We understand that some organizations treat particular redirectors as security risks and block them. Please see LINKS.md for more information and links to additional resources.
This repository is structured to accommodate different types of content, and content is listed under the product and version it was developed for or with. Product versions may be up to three digits as needed. Use the most specific guidance available (for example, if you are using vSphere 8.0.2 you would choose 8.0.2 if it's present, or 8.0 if not).
- features-capabilities: information on specific features, functions, and capabilities in the products.
- ransomware-resources: information on defending against ransomware.
- regulatory-compliance: information on how the products work, and guidance on meeting regulatory compliance requirements using VMware products.
- security-advisories: information pertaining specifically to an individual VMware Security Advisory (VMSA).
- security-configuration-hardening-guide: security configuration and hardening baselines for VMware products.
- security-design: information useful when designing secure VMware Cloud Foundation environments.
Please see SUPPORT.md.
Please see LICENSE.md.
This repository and the documents within are intended to provide general guidance for organizations that are considering Broadcom solutions. The information contained in this document is for educational and informational purposes only. This repository is not intended to provide advice and is provided “AS IS.” Broadcom makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of requirements and effectiveness of implementations.
This material is provided as is and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the copyright holder or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage. The provider makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of this sample. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of requirements and effectiveness of implementations. You acknowledge that there may be performance or other considerations, and that these examples may make assumptions which may not be valid in your environment or organization.
The primary curator of this repository is Bob Plankers, reachable at [email protected]. Individual components may have other authors, as noted.