Revision 1.7Oct 19, 2022
Functional Update
- Administrative actions are logged
- All network interfaces are operating in full-duplex mode
- Auto-start is not enabled
- Disable promiscuous mode on all network interfaces
- Disallow unplug detection on the storage network interface
- Enable QoS on all VM guests
- Enable port locking by default on the VM guest network
- Enable remote syslog
- External authentication is disabled
- High availability is enabled
- Host is enabled
- Identify a network interface to be used for storage access
- Install a trusted CA certificate on the pool
- Install a trusted certificate in place of the default self-signed SSL certificate
- List non-default VM templates
- Passwords stored in 'secrets' are not visible
- Restrict allowed IPv4 addresses used by each VM guest
- Restrict allowed IPv6 addresses used by each VM guest
- Review accounts used to mount remote storage
- Snapshots are not present
- Use a static IP on the management network interface
- Use a static IP on the storage network interface