To provide information regarding security tools in the VMC SDDC environment and how to request approval.

Symptoms:
Penetration or Security testing is required against a VMware Cloud (VMC) SDDC.

The management components of VMC are continuously scanned for vulnerabilities, and if found, public guidance is released. This includes the responsibility for protecting the software and systems that make up the VMware Cloud service. 

Penetration and Security testing is allowed against an SDDC. If penetration and security testing is needed, approval is required first. This will send a notification sent to the internal VMC team that includes test plans and dates. 

To request this approval, please fill out this Request Form. This is to be completed by the Customer's Engineer who will be executing the testing. See the VMC on AWS FAQ for more information.

Impact/Risks:
Third-party tools that are commonly used to detect VMware versions and patching may not work within VMC as the service is running on customized vSphere code base. This may cause false positives within these third-party tools.