Compliance is used to monitor the vCenter Server instances, hosts, virtual machines, distributed port groups, and distributed switches in your environment to ensure that the settings on your objects meet the defined standards. You can use vRealize Operations Manager alert definitions to create compliance standards that notify you when an object does not comply with a required standard.

vRealize Operations Manager includes alerts for VMware vSphere Hardening Guide versions 6.0 and 5.5. vRealize Operations Manager generates compliance alerts when symptoms trigger on your vCenter Server instances, hosts, virtual machines, distributed port groups, and distributed switches.

To enforce compliance on virtual machines, vRealize Operations Manager includes several compliance risk profiles. You apply the risk profiles to groups of virtual machines based on whether you must ensure a high, medium, or low level of security in your environment.

Risk Profile 1 includes all available compliance rules as symptoms, and enforces the highest level of security for your virtual machines. This profile is enabled by default.

Risk Profile 2 enforces a medium level of security for your environment, and includes fewer symptoms than Risk Profile 1. This profile is disabled by default.

Risk Profile 3 enforces a low level of security, and includes fewer symptoms than Risk Profile 2. This profile is disabled by default.

All the compliance standards in vRealize Operations Manager, including any standards that you define, are based on alert definitions. The generated alerts and symptoms appear as violations to the compliance standards on the Analysis > Compliance tab for a selected object.

You can find the vSphere Hardening Guides at http://www.vmware.com/security/hardening-guides.html.

The following video is an example of how you can now ensure compliance of your VMware vSphere 6.0 and 5.5 objects, including your vCenter Server instances, ESXi hosts, virtual machines, distributed port groups, and distributed virtual switches. The compliance alerts include definitions and symptoms, and are based on the compliance rules in the vSphere Hardening Guides 6.0 and 5.5.