This section covers hardening details for the different platform offerings of the solution. This includes security configuration details for PowerEdge server configurations, VMware vSphere, and VMware vSAN encryption.
The PowerEdge team continuously evolves its security controls, features, and solutions to keep pace with the ever-growing threat landscape. A key security foundation is the Silicon Root of Trust. The white paper Cyber Resilient Security in Dell PowerEdge Servers details the security features built into the PowerEdge Cyber Resilient Platform, many of which are enabled by the integrated Dell Remote Access Controller (iDRAC9). Many new security features have been added, spanning access control, data encryption, and supply chain assurance. These features include:
Further details on iDRAC security can be found in the iDRAC9 Security Configuration Guide.
The VMware vSphere Security Configuration Guide (SCG) is the baseline for hardening and auditing guidance for vSphere itself. Started more than a decade ago, the SCG has served as a reference for vSphere administrators as they work to protect their infrastructure.
Dell Technologies has validated several test cases to develop a set of vSphere validated security configuration settings. The test cases cover deployments both with and without vCenter management. This distinction is important because some ESXi configurations are not applicable when the host is managed by vCenter. The goal is to provide validated security settings that can be applied to the DVD deployment as simplified guidance.
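The scope distinction above matters when auditing: a control that does not apply to a vCenter-managed host should be reported as not applicable rather than as a failure. The following Python is an added example, not taken from Dell or VMware material; the baseline values, the applicability flags, the sample host export, and the `Example.StandaloneOnlySetting` key are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Control:
    key: str          # ESXi advanced setting name
    expected: str     # target value (constructed here, not a validated value)
    standalone: bool  # applies to hosts not managed by vCenter
    managed: bool     # applies to vCenter-managed hosts

# Constructed baseline for illustration; real values and applicability come
# from the vSphere Security Configuration Guide and the validated settings.
BASELINE = [
    Control("Security.AccountLockFailures", "5", True, True),
    Control("UserVars.ESXiShellInteractiveTimeOut", "900", True, True),
    Control("UserVars.DcuiTimeOut", "600", True, True),
    Control("Example.StandaloneOnlySetting", "1", True, False),  # hypothetical key
]

# Constructed export of one host's advanced settings (values arrive as strings).
SAMPLE_HOST = {
    "Security.AccountLockFailures": "5",
    "UserVars.ESXiShellInteractiveTimeOut": "0",
    "Example.StandaloneOnlySetting": "0",
}

def audit(host_settings, vcenter_managed, baseline=BASELINE):
    """Map each control to pass, fail, missing or not_applicable."""
    results = {}
    for c in baseline:
        applies = c.managed if vcenter_managed else c.standalone
        if not applies:
            results[c.key] = "not_applicable"  # out of scope, not a failure
        elif c.key not in host_settings:
            results[c.key] = "missing"         # unknown state is never a pass
        elif str(host_settings[c.key]).strip() == c.expected:
            results[c.key] = "pass"
        else:
            results[c.key] = "fail"
    return results

def findings(results):
    """Controls that need attention, sorted for stable reporting."""
    return sorted(k for k, v in results.items() if v in ("fail", "missing"))

if __name__ == "__main__":
    for managed in (True, False):
        print("vCenter-managed" if managed else "standalone",
              findings(audit(SAMPLE_HOST, managed)))
```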
For more information, see the following documents:
To further secure your data, encrypt data in transit in your vSAN cluster and encrypt data at rest in your vSAN datastore. Data-in-transit encryption protects data as it moves between hosts in the vSAN cluster. Data-at-rest encryption protects data on storage devices in the vSAN datastore, in case a device is removed from the cluster. When you enable data-at-rest encryption, vSAN encrypts everything in the vSAN datastore. All files are encrypted, which protects all VMs and their corresponding data. Only administrators with encryption privileges can perform encryption and decryption tasks. For more information, see Using Encryption in a vSAN Cluster.