BOSTON -- While some experts laud the time and energy that VMware's new, free vCenter Certificate Automation Tool...
saves, others await a more full-fledged offering.
Automation has become a trusted tool for many admins as they are continually tasked to do more with less. Jumping on this trend in virtualization, and hoping to fill security gaps in vSphere 5.1, VMware Inc. released vCenter Certificate Automation Tool 1.0 in April 2013.
The tool can save three to four days of admins' time and allow smaller companies to focus more on security, according to Mark Gabryjelski, virtualization practice manager at WEI and VCDX #23.
Moving away from self-signed SSL certificates
VMware uses self-signed SSL certificates by default because they are easy to deploy and avoid the cost of having a third-party certificate authority verify authenticity. But self-signed certificates only offer sufficient security when communication remains within a private network and users won't always be able to confirm they are connecting to your server.
Since releasing vSphere 5.1, VMware has taken steps to add other certificates for more secure connections.
"[VMware vSphere] 5.1 was released with extra steps needed to configure the security, without the tools to do it," Brad Maltz, VCDX #36, chief technology officer of Lumenate, said at a VMUG meeting here this month.
The vCenter Certificate Automation tool provides some of the missing capabilities in vSphere 5.1 to assist admins updating their certificates.
"[The tool] makes it easy to apply really good security to a very important part of your infrastructure," said Steve Athanas, Boston VMUG leader and director of systems engineering at the University of Massachusetts Lowell.
Automation to the rescue
Athanas has definite plans to use the tool. "From a user perspective, it's onerous to update certificates across your entire environment," he said.
As with other automation strategies, the tool facilitates a tedious, time-consuming task and helps avoid human error. It's also aimed at making the new certificates more user-friendly. Certificate management is often confusing because of the large array of available certificates and the fact that software vendors generally prefer their own tools.
Not everyone is singing vCenter Certificate Automation Tool's praises, however.
The certificate tool is only a step in the right direction, said Maish Saidel-Keesing, infrastructure administrator and virtualization architect for NDS Group in Jerusalem. Furthermore, the automation process itself comes with risks and the IT community has differing opinions about when, what and how to automate.
Nevertheless, vCenter Certificate Automation should especially benefit small businesses and midmarket customers without certificate teams, as well as those deploying virtual desktop infrastructures where certificates are even more critical.
You can download VMware vCenter Certificate Automation Tool 1.0 for free from the VMware download website.