Friday, June 3, 2011

Manage ESXi Lockdown Mode from DCUI

If your VMware ESXi 4.0 and 4.1 servers are part of a VMware vCenter Server infrastructure, you can enhance the security of these hosts. According to the VMware Security Hardening guide, you need to enable Lockdown Mode to restrict root access (HCN02 requirement).

Lockdown mode forces all operations to be performed through vCenter Server (you can still use the Direct Console User Interface, aka DCUI, to manage the host).

The VMware Security Hardening guide notes that lockdown mode can be enabled or disabled in two places:
• In the vSphere Client, when connected to the vCenter Server managing the host
• In the DCUI of the host

In ESXi 4.0:
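To check if Lockdown mode is enabled, run the command below. On 4.0 it reports whether the admin account is enabled, so its answer is the inverse of the Lockdown state (enabling Lockdown mode disables the admin account):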
vim-cmd -U dcui vimsvc/auth/admin_account_is_enabled

To disable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/admin_account_enable

To enable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/admin_account_disable

In ESXi 4.1:
To check if Lockdown mode is enabled, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_is_enabled

To disable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_mode_exit

To enable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_mode_enter

See the VMware KB for more details.
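
For auditing hosts that run a mix of 4.0 and 4.1, the sketch below wraps the two check commands above and normalises their answers into a single enabled/disabled result. It is an added example, not part of the original post or of VMware's tooling. It assumes the check commands print "true" or "false", that the caller passes the ESXi version string as an argument, and it uses a hypothetical VIM_CMD variable so the function can be exercised without a host.

```shell
#!/bin/sh
# Added example: report Lockdown mode state on ESXi 4.0 and 4.1.
# Assumption: the check commands print "true" or "false" in their output.
# VIM_CMD is a hypothetical override for the vim-cmd binary (offline testing).
VIM_CMD="${VIM_CMD:-vim-cmd}"

# lockdown_state <esxi-version>
# Prints: enabled | disabled | unknown
# Returns: 0 on a definite answer, 1 if the check failed, 2 if the version
# is not one covered by the post.
lockdown_state() {
    case "$1" in
        4.0*) path=vimsvc/auth/admin_account_is_enabled; inverted=1 ;;
        4.1*) path=vimsvc/auth/lockdown_is_enabled;      inverted=0 ;;
        *)    echo unknown; return 2 ;;
    esac

    # Run the check as the dcui user, exactly as in the commands above.
    out=$("$VIM_CMD" -U dcui "$path" 2>/dev/null) || { echo unknown; return 1; }

    case "$out" in
        *true*)  answer=1 ;;
        *false*) answer=0 ;;
        *)       echo unknown; return 1 ;;   # unexpected output: do not guess
    esac

    # On 4.0 the command reports the admin account, not Lockdown mode:
    # admin account enabled means Lockdown mode is off.
    if [ "$inverted" -eq 1 ]; then
        answer=$((1 - answer))
    fi

    if [ "$answer" -eq 1 ]; then
        echo enabled
    else
        echo disabled
    fi
}
```

Treat "unknown" as a finding to investigate by hand and not as "disabled", since the command may have failed for a reason unrelated to Lockdown mode.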
