BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Securing a VMware ESXi server at a colo site?
- Subject: [Discuss] Securing a VMware ESXi server at a colo site?
- From: abreauj at gmail.com (John Abreau)
- Date: Mon, 9 Mar 2015 22:53:58 -0400
I'm considering using the free edition of VMware ESXi 5.5 at a co-location site. If I understand correctly, the free edition doesn't include the management console application, so I would have to manage it via a web browser. How do I set it up so I can manage it remotely in a secure manner? My initial thoughts are to close every port on the host server except ssh, and lock down ssh in the usual manner: disable protocol 1, disable password authentication so the only access is via RSA keys, use the AllowUsers directive so only the admins have access to the host server, and access the web management console over an ssh tunnel. I'm assuming that guest VMs wil run in bridged mode, and that the firewall on the host server won't block network access to the guest VMs. Each guest will therefore need its own instance of iptables to firewall itself. Does this approach cover all the bases, or are there issues I've overlooked? -- John Abreau / Executive Director, Boston Linux & Unix Email: abreauj at gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6
- Follow-Ups:
- [Discuss] Securing a VMware ESXi server at a colo site?
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Securing a VMware ESXi server at a colo site?
- Prev by Date: [Discuss] --sandbox switch for Ubuntu's do-release-upgrade/update-manager
- Next by Date: [Discuss] --sandbox switch for Ubuntu's do-release-upgrade/update-manager
- Previous by thread: [Discuss] --sandbox switch for Ubuntu's do-release-upgrade/update-manager
- Next by thread: [Discuss] Securing a VMware ESXi server at a colo site?
- Index(es):
