Check: VCTR-67-000053
VMware vSphere 6.7 vCenter STIG:
VCTR-67-000053
(in version v1 r1)
Title
The vCenter Server must enable the vSAN Health Check. (Cat II impact)
Discussion
The vSAN Health Check is used for additional alerting capabilities, performance stress testing prior to production usage, and verifying that the underlying hardware officially is supported by being in compliance with the vSAN Hardware Compatibility Guide.
Check Content
If no clusters are enabled for vSAN, this is not applicable. From the vSphere Client, go to Hosts and Clusters. Select a vSAN Enabled Cluster >> Configure >> vSAN >> Services >> Health Service. Review the "Health Service Status" and verify that it is set to "Enabled". If vSAN is enabled and the vSAN Health Service is disabled, this is a finding.
Fix Text
From the vSphere Client, go to Hosts and Clusters >> select a vSAN Enabled Cluster >> Configure >> vSAN >> Services. Click "Edit" next to "Health Service". Click the slider to "Turn On Periodical Health Check" and configure the time interval as necessary (default is 60 minutes).
Additional Identifiers
Rule ID: SV-243109r719570_rule
Vulnerability ID: V-243109
Group Title: SRG-APP-000516
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |