Predix Edge Virtual Machine Appliance

VMware ESXi and vSphere Hardening and Patch Management

The currently supported production platform for Predix Edge virtual machines is VMware vSphere/ESXi 6.5 and 6.7. As with any software platform, we recommend keeping your deployment up to date with the latest updates from VMware, in accordance with an overall vulnerability management process.

We recommend following the steps in the VMware hardening guides.

Production and Development VM Images

Two variants of the virtual machine image are available: production and development. Only the production image should ever be used in production/deployment scenarios.

Several features differ between the two images: the production image is optimized for security, and the development image for ease of use.

Though not an exhaustive list, some important differences include:
  • Production images require all Predix Edge applications to contain a valid signature, whereas development images do not enforce application signatures, allowing potentially malicious applications to be run.
  • Production images have SSH disabled, whereas development images allow logging into the system with the insecure account (user: root/password: root) in addition to the developer RSA key pair.
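One way to check a deployment against the SSH difference listed above is to confirm that no Predix Edge VM in the inventory answers as an SSH server. The script below is an added example, not GE or Predix code; the inventory names, the documentation-range addresses and the status labels are assumptions. A closed port is consistent with the production image but does not prove it, since a firewall in the path gives the same result.

```python
import socket

def ssh_banner(host, port=22, timeout=3.0):
    """Return the service banner if host:port accepts a TCP connection
    ('' if it accepts but sends nothing), or None if the connection fails."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                # SSH servers send an identification line starting with "SSH-".
                return conn.recv(255).decode("ascii", "replace").strip()
            except OSError:
                return ""
    except OSError:
        return None

def audit(inventory, timeout=3.0):
    """Classify each (name, host, port) entry.

    closed      -> no listener reachable (expected for a production image)
    ssh-enabled -> SSH answered (development image or altered configuration)
    port-open   -> something other than SSH answered; investigate
    """
    findings = []
    for name, host, port in inventory:
        banner = ssh_banner(host, port, timeout)
        if banner is None:
            status = "closed"
        elif banner.startswith("SSH-"):
            status = "ssh-enabled"
        else:
            status = "port-open"
        findings.append((name, host, port, status, banner or ""))
    return findings

if __name__ == "__main__":
    # Constructed inventory: hypothetical VM names, RFC 5737 documentation addresses.
    INVENTORY = [
        ("edge-line1", "192.0.2.10", 22),
        ("edge-line2", "192.0.2.11", 22),
    ]
    for name, host, port, status, banner in audit(INVENTORY):
        flag = "" if status == "closed" else "  <-- review: not expected in production"
        print(f"{name:12} {host}:{port:<5} {status:12} {banner}{flag}")
```

Run it from a management host that has a direct network path to the VMs, so that a filtered port is not mistaken for a disabled service.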