In order to secure connections between clients, ESXi host systems and the vCenter Server system SSL is used. When an ESXi host system or vCenter Server system is installed, the installation will include SSL certificates by default to establish an initial connection. In order to connect ESXi host systems to a managed vCenter Server system … More Security – Part Three: Generating ESXi Host Certificates
In order to access an ESXi host system using a SSH client there is a requirement to connect to the remote host. By default, the ESXi host system does not enable SSH connections and therefore there is a requirement to enable access to an ESXi host system to use SSH. This can be performed from … More Security – Part Two: Configure ESXi Host SSH Settings
By default, there are no restrictions set on the local root user account on an ESXi host system. However, the local non-root users must satisfy the requirements of the password compliance policy defined by the Pluggable Authentication Module (PAM). By default, the ESXi host system checks for password compliance using the pas_passwdqc.so PAM module. The … More Security – Part One: Enabling strong passwords and configuring password policies
By default Brocade SAN switches have the Telnet protocol enabled, you may wish to disable this as part of security hardening of your devices to mitigate to the session being transmitted in clear text and enforce SSH connectivity as the management protocol. In order to disable the Telnet protocol you will be required to modify the … More Disabling the Telnet protocol on Brocade SAN switches
I was recently configuring the Authentication Service on a number of ESXi hosts to join them to an Active Directory domain to manage local user authentication. This is possible using the vSphere Web Client or Client but requires the configuration change to be made on each ESXi host manually and adds an administrative overhead, so lets … More PowerCLI – Joining an ESXi host to an Active Directory domain
