Enterprise Service Cloud - Docs

Extensions

A standard RHEL installation is used as the basis for a Managed RHEL VM. In this standard installation, several extensions are applied which enable the VM to be operated as Managed RHEL.

Enable Extensions

This extension will prepare the VM for the usage of the configuration management tool. A dedicated service user is created and the required sudo permissions are configured. This extension is always needed as a prerequisite for Managed RHEL. You can find more information here

Managed OS

With this extension, the Operating System is configured according to Swisscom standards so that the operation can be taken over by Swisscom. In addition, the extensions Malware Protection, CIS Hardening, CIS Reporting and Patching are also switched on implicitly. All these extensions are part of the Managed RHEL service.

The extension is initially applied when a Managed RHEL VM is ordered. The extension also activates the scheduler for the regular reapplication of the Managed RHEL OS configurations. This extension cannot be triggered manually.

Malware Protection

The Malware Protection extension is an integral part of the Managed RHEL extension. When the Managed RHEL is activated, the Malware Protection extension is automatically included. This extension installs and configures the malware protection for the VM. The extension cannot be triggered manually.

CIS Hardening

A Managed RHEL VM is hardened according to the Level 1 CIS (Center for Internet Security) benchmark. CIS benchmarks are vendor-agnostic, consensus-based security configuration guides both developed and accepted by government, business, industry, and academia. Additional information about the CIS benchmarks can be found hereopen in new window.

The CIS Hardening extension is an integral part of the Managed RHEL extension. When the Managed RHEL is activated, the CIS Hardening extension is automatically included. This extension is executed only once when the VM is provisioned. The extension can be manually triggered with the action Run CIS Remediation.

CIS Reporting

A Managed RHEL VM is hardened according to the Level 1 CIS (Center for Internet Security) benchmark. Additional information about the CIS benchmarks can be found hereopen in new window.

The extension generates a weekly report of the hardening status of the VM, which is sent to the Security department. The extension also generates a score of the current hardening status, which you can find in the VM property Scc.Mms.CisAssessment.Pct within the vRA portal.

The CIS Reporting extension is an integral part of the Managed RHEL extension. When the Managed RHEL is activated, the CIS Reporting extension is automatically included. This extension activates the scheduler for the weekly creation of the CIS report for the VM. The extension can be manually triggered with the action Run CIS Assessment.

Patching

The Patching extension is an integral part of the Managed RHEL extension. When the Managed RHEL is activated, the Patching extension is automatically included. This extension activates the scheduler for the monthly patching of the VM. The extension can be manually triggered with the action Run On Demand Patching (Patching Extension).

Last Updated: