vSphere Admin documentation presents security information in a fragmented way #424
@zjs I have overhauled the Security Reference, attempting to address all of the points you made above. Because the Security Reference is for all of VIC, and because most of the security information elsewhere in the doc relates to VIC Engine and VCHs, I have inverted your suggestion of grouping all security information in the reference, and linking to it from the other parts of the doc. So, the Security Reference is now mostly a collection of links to other sections. However, as a part of a wider reorg of the As a result we now have:
Does this improve things?
@zjs another question: how exactly does
Definitely!
I'm not sure I can provide a complete list, but enabling SSH and setting a root password would both seem to have security implications. I'm also not clear on exactly how the
Thanks @zjs - as far as I am aware,
The vSphere Admin documentation helpfully includes a "Security Reference" section (https://vmware.github.io/vic-product/assets/files/html/1.1/vic_vsphere_admin/security_reference.html).
It would be even better if:
Some more specific feedback:
--allow will do: will it open "all outbound TCP traffic" (as stated in the introduction) or "open the port" (as stated in the last bullet). If the former, the security considerations should be discussed in the Security Reference.
--force and --no-tlsverify options are mentioned in a few places with various amounts of commentary on the security impact, but not at all in the Security Reference. (Including mention in examples with no commentary other than "Disables the verification of clients that connect to this VCH" and "Disables the verification of the ESXi host certificate".) At the very least, all mentions of options like these should refer to a discussion of the security considerations, included in or referenced by the Security Reference.
--force).