BLU Discuss list archive
[Discuss] Securing a VMware ESXi server at a colo site?
- Subject: [Discuss] Securing a VMware ESXi server at a colo site?
- From: abreauj at gmail.com (John Abreau)
- Date: Tue, 10 Mar 2015 09:54:44 -0400
- In-reply-to: <BN3PR0401MB1204209CD4A6713DD4CEB2E3DC180@BN3PR0401MB1204.namprd04.prod.outlook.com>
- References: <CAFv2jcbpKwLb078MUBhzAfPH5jNvYnKPBQfUkXz3S-XJ8AhTMA@mail.gmail.com> <BN3PR0401MB1204209CD4A6713DD4CEB2E3DC180@BN3PR0401MB1204.namprd04.prod.outlook.com>
Is the vSphere Client part of the free edition of ESXi? I thought I had read somewhere that it was only for the commercial edition of ESXi, and that you had to manage the free edition through a web interface.

On Tue, Mar 10, 2015 at 9:46 AM, Edward Ned Harvey (blu) <blu at nedharvey.com> wrote:

> > From: Discuss [mailto:discuss-bounces+blu=nedharvey.com at blu.org] On Behalf Of John Abreau
> >
> > I'm considering using the free edition of VMware ESXi 5.5 at a co-location site. If I understand correctly, the free edition doesn't include the management console application, so I would have to manage it via a web browser.
> >
> > How do I set it up so I can manage it remotely in a secure manner?
> >
> > My initial thoughts are to close every port on the host server except ssh, and lock down ssh in the usual manner: disable protocol 1, disable password
>
> Nope, nope, nope, nope.
>
> First of all, ESXi is not to be managed via ssh. Although you can enable ssh, and lots of useful things can be done that way, it's the most difficult way to do anything, it's unsupported, and lots of unexpected gotchas will certainly getchya. The "right" thing to do is to install vSphere Client on a windows machine, and use it to remote admin the server. The *only* thing you should do outside of vSphere Client, is to boot from the install disk, enter IP address, and root password during bare metal installation. Also configure your RAID card in BIOS.
>
> That being said - you absolutely, definitely, should not open vSphere traffic over the internet. You'll need a VPN, connected to the "primary" network interface of the ESXi host, which you'll use for management. Let all the VM's use a different ethernet jack, so the VM traffic is isolated from the management traffic. The only way to get to the management interface is via your VPN.

--
John Abreau / Executive Director, Boston Linux & Unix
Email: abreauj at gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6
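
The layout recommended in the quoted reply (management interface reachable only through the VPN, VM traffic on a separate NIC) can be checked mechanically. The following is an added example, not part of the original thread; the rule format, interface labels, port group names and VPN subnet are constructed assumptions for a hypothetical firewall in front of the host.

```python
import ipaddress

# Constructed sample: rules of a hypothetical edge firewall in front of the host.
# Fields: action, source CIDR, destination interface label, destination TCP port.
SAMPLE_RULES = [
    ("allow", "10.8.0.0/24", "mgmt", 443),   # VPN clients to management: intended
    ("allow", "10.8.0.0/24", "mgmt", 902),
    ("allow", "0.0.0.0/0",   "vm",   443),   # public service on a guest VM: fine
    ("allow", "0.0.0.0/0",   "mgmt", 22),    # management open to the internet
    ("allow", "10.8.0.0/16", "mgmt", 443),   # wider than the VPN subnet
    ("deny",  "0.0.0.0/0",   "mgmt", 443),
]

# Constructed sample: which physical NIC backs each port group on the host.
SAMPLE_PORTGROUPS = {
    "Management Network": "vmnic0",
    "VM Network": "vmnic1",
    "DMZ VMs": "vmnic0",                     # shares the management NIC
}


def exposed_mgmt_rules(rules, vpn_cidr, mgmt_iface="mgmt"):
    """Return (source, port) for every allow rule that reaches the management
    interface from a source not fully contained in the VPN subnet."""
    vpn = ipaddress.ip_network(vpn_cidr)
    findings = []
    for action, src, iface, port in rules:
        if action != "allow" or iface != mgmt_iface:
            continue
        src_net = ipaddress.ip_network(src, strict=False)
        # Different address families can never be inside the VPN subnet.
        if src_net.version != vpn.version or not src_net.subnet_of(vpn):
            findings.append((src, port))
    return findings


def portgroups_sharing_mgmt_nic(portgroups, mgmt_portgroup="Management Network"):
    """Return the port groups that ride on the same NIC as management."""
    mgmt_nic = portgroups[mgmt_portgroup]
    return sorted(name for name, nic in portgroups.items()
                  if nic == mgmt_nic and name != mgmt_portgroup)


if __name__ == "__main__":
    print(exposed_mgmt_rules(SAMPLE_RULES, "10.8.0.0/24"))
    print(portgroups_sharing_mgmt_nic(SAMPLE_PORTGROUPS))
```
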