Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Securing a VMware ESXi server at a colo site?

Is the vSphere Client part of the free edition of ESXi? I thought I had
read somewhere that it was only for the commercial edition of ESXi, and
that you had to manage the free edition through a web interface.

On Tue, Mar 10, 2015 at 9:46 AM, Edward Ned Harvey (blu) <blu at>

> > From: Discuss [ at] On
> > Behalf Of John Abreau
> >
> > I'm considering using the free edition of VMware ESXi 5.5 at a
> co-location
> > site. If I understand correctly, the free edition doesn't include the
> > management console application, so I would have to manage it via a web
> > browser.
> >
> > How do I set it up so I can manage it remotely in a secure manner?
> >
> > My initial thoughts are to close every port on the host server except
> ssh,
> > and lock down ssh in the usual manner: disable protocol 1, disable
> password
> Nope, nope, nope, nope.
> First of all, ESXi is not to be managed via ssh.  Although you can enable
> ssh, and lots of useful things can be done that way, it's the most
> difficult way to do anything, it's unsupported, and lots of unexpected
> gotchas will certainly getchya.  The "right" thing to do is to install
> vSphere Client on a windows machine, and use it to remote admin the
> server.  The *only* thing you should do outside of vSphere Client, is to
> boot from the install disk, enter IP address, and root password during bare
> metal installation.  Also configure your RAID card in BIOS.
> That being said - you absolutely, definitely, should not open vSphere
> traffic over the internet.  You'll need a VPN, connected to the "primary"
> network interface of the ESXi host, which you'll use for management.  Let
> all the VM's use a different ethernet jack, so the VM traffic is isolated
> from the management traffic.  The only way to get to the management
> interface is via your VPN.

John Abreau / Executive Director, Boston Linux & Unix
Email: abreauj at / WWW / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /