vCenter : verify-nfc-ssl

Information

Enable SSL for Network File Copy (NFC).
NFC (Network File Copy) is the name of the mechanism used to migrate or clone a VM between two ESXi hosts over the network.

***By default, NFC over SSL is enabled (i.e. "True") within a vSphere cluster, but the value of the setting is null.***

Clients check the value of the setting and default to not using SSL for performance reasons if the value is null. This behavior can be changed by ensuring the setting has been explicitly created and set to "True". This will force clients to use SSL.

http://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.security.doc/GUID-B58A5750-A15C-4051-BD87-49F3B5C762B5.html

Solution

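# Requires VMware PowerCLI and an active Connect-VIServer session to $vCenter
$vCenter = "MyvCenterFQDN"
# Explicitly set config.nfc.useSSL to true so that NFC clients are forced to use SSL
$nfcset = Get-AdvancedSetting -Entity $vCenter -Name config.nfc.useSSL | Set-AdvancedSetting -Value true -Confirm:$false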
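
An idempotent form of the remediation above, added here as an example and not taken from VMware or the audit plugin: it records the value before and after the change and creates config.nfc.useSSL when the lookup returns nothing. It assumes VMware PowerCLI is installed; `Set-NfcUseSsl` and its `-Server` parameter are hypothetical names, and "MyvCenterFQDN" is the page's placeholder.

```powershell
# Added example (not vendor code). Set-NfcUseSsl is a hypothetical helper name.
function Set-NfcUseSsl {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string] $Server)

    # Reuse an open PowerCLI session if one exists, otherwise connect (prompts for credentials).
    $vi = $global:DefaultVIServers |
        Where-Object { $_.Name -eq $Server -and $_.IsConnected } |
        Select-Object -First 1
    if (-not $vi) { $vi = Connect-VIServer -Server $Server -ErrorAction Stop }

    $name    = 'config.nfc.useSSL'
    $setting = Get-AdvancedSetting -Entity $vi -Name $name -ErrorAction SilentlyContinue
    $before  = if ($null -eq $setting -or $null -eq $setting.Value) { '<null>' } else { "$($setting.Value)" }
    $action  = 'none'

    if ($before -ne 'true') {
        if ($null -eq $setting) {
            # Nothing returned: the setting was never created, so clients see null. Create it.
            if ($PSCmdlet.ShouldProcess($Server, "Create $name = true")) {
                New-AdvancedSetting -Entity $vi -Name $name -Value 'true' -Confirm:$false | Out-Null
                $action = 'created'
            }
        }
        else {
            # The setting exists but is null or not true. Overwrite it.
            if ($PSCmdlet.ShouldProcess($Server, "Set $name = true")) {
                $setting | Set-AdvancedSetting -Value 'true' -Confirm:$false | Out-Null
                $action = 'updated'
            }
        }
    }

    # Re-read the setting so the report reflects what vCenter actually stored.
    $after = (Get-AdvancedSetting -Entity $vi -Name $name -ErrorAction SilentlyContinue).Value
    [pscustomobject]@{
        Server    = $Server
        Setting   = $name
        Before    = $before
        After     = $after
        Action    = $action
        Compliant = ("$after" -eq 'true')
    }
}

Set-NfcUseSsl -Server 'MyvCenterFQDN'
```

Running it with `-WhatIf` shows the current value and the change that would be made without writing anything.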

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vSphere_6_0_Hardening_Guide_GA_15_Jun_2015.xls

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8(1)

Plugin: VMware

Control ID: 26fe255eb6f3c86b04c5dbcbc0e9303a59c35e73ca1a669ebe7ec4bef49a4c9a