The vCenter Server must enable the vSAN Health Check.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-243109 | VCTR-67-000053 | SV-243109r719570_rule | Medium |
| Description |
|---|
| The vSAN Health Check is used for additional alerting capabilities, performance stress testing prior to production usage, and verifying that the underlying hardware officially is supported by being in compliance with the vSAN Hardware Compatibility Guide. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 vCenter Security Technical Implementation Guide | 2021-04-16 |
Details
| Check Text ( C-46384r719568_chk ) |
|---|
| If no clusters are enabled for vSAN, this is not applicable. From the vSphere Client, go to Hosts and Clusters. Select a vSAN Enabled Cluster >> Configure >> vSAN >> Services >> Health Service. Review the "Health Service Status" and verify that it is set to "Enabled". If vSAN is enabled and the vSAN Health Service is disabled, this is a finding. |
| Fix Text (F-46341r719569_fix) |
|---|
| From the vSphere Client, go to Hosts and Clusters >> select a vSAN Enabled Cluster >> Configure >> vSAN >> Services. Click "Edit" next to "Health Service". Click the slider to "Turn On Periodical Health Check" and configure the time interval as necessary (default is 60 minutes). |