Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Securing a VMware ESXi server at a colo site?



I'm considering using the free edition of VMware ESXi 5.5 at a co-location
site. If I understand correctly, the free edition doesn't include the
management console application, so I would have to manage it via a web
browser.

How do I set it up so I can manage it remotely in a secure manner?

My initial thoughts are to close every port on the host server except ssh,
and lock down ssh in the usual manner: disable protocol 1, disable password
authentication so the only access is via RSA keys, use the AllowUsers
directive so only the admins have access to the host server, and access the
web management console over an ssh tunnel.

I'm assuming that guest VMs wil run in bridged mode, and that the firewall
on the host server won't block network access to the guest VMs. Each guest
will therefore need its own instance of iptables to firewall itself.

Does this approach cover all the bases, or are there issues I've
overlooked?



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email: abreauj at gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org