Recently I have been involved with the deployment of PCI DSS at TeleTech for the APAC region. It is good to be able to say that TeleTech has been officially declared PCI compliant; VMware, however, is still on track to get their products certified. This puts up a barrier for organisations with high virtualisation levels, but I am not here to discuss the PCI requirements and their validity. Dwayne Melancon has already started this discussion for us: Security, Compliance and Best Practices » Blog Archive » The need for a new perspective.
During our work with PCI we were forced to place firewalls in front of and behind (or in transparent mode around) the various servers and applications, with no exception for ESX/ESXi and vSphere hosts. Services like the Service Console and the VMkernel had to be placed in dedicated VLANs (so much for "Best Practices"), and the unused TCP ports also had to be locked down.
I found a very good blog entry at lotoga labs containing a list of all the network ports used by VMware products. It came in very handy and I would like to share it with you.
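Locking ports down is only half the job; the other half is proving from outside the management VLAN that nothing else is listening. Below is an added example, not code from the original post or from VMware, of the check I would script for that: it takes the "open" lines from a port scan of an ESX/ESXi management interface and reports every port that is not on an allowlist. The allowlist (22, 443 and 902/tcp) is an assumption chosen for illustration, and the scan output is a constructed sample; for a real host take the allowlist from the port list linked above for your product version and feed in a scan of your own.

```shell
#!/bin/sh
# Added example (not from the original post): compare the TCP ports a
# scanner sees open on an ESX/ESXi management interface against an
# allowlist of ports the host is expected to expose after lockdown.

# Allowlist, one "port/proto" per line. This minimal management set is an
# assumption for illustration; build the real one from VMware's port
# documentation for the product version you run.
ALLOWED_PORTS="22/tcp
443/tcp
902/tcp"

# Constructed sample of nmap-style "open" lines, as if captured by
# scanning the Service Console VLAN before the lockdown was finished.
SAMPLE_SCAN="22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
902/tcp  open  iss-realsecure
5989/tcp open  wbem-https"

# unexpected_open_ports ALLOWLIST SCAN_OUTPUT
# Prints every open port/proto in SCAN_OUTPUT that is absent from ALLOWLIST.
unexpected_open_ports() {
    allow=$1
    scan=$2
    printf '%s\n' "$scan" | awk '$2 == "open" { print $1 }' | while IFS= read -r port; do
        # -x: match the whole line, so 22/tcp does not match 2222/tcp
        if ! printf '%s\n' "$allow" | grep -qx "$port"; then
            printf '%s\n' "$port"
        fi
    done
}

# count_unexpected ALLOWLIST SCAN_OUTPUT
# Returns the number of open ports outside the allowlist (0 means clean).
count_unexpected() {
    unexpected_open_ports "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone run against the constructed sample: lists 80/tcp and 5989/tcp.
unexpected_open_ports "$ALLOWED_PORTS" "$SAMPLE_SCAN"
```

In practice you run the scan from a host in a different VLAN than the one being checked, so that the firewall in front of the ESX host is part of what is tested, and you rerun it after every change to the Service Console firewall rules. Anything the script prints is either a port that belongs on the allowlist (and in your PCI documentation) or a service that should not be reachable from that segment.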
Have Fun and Break a Leg