ESX Virtualization

VMware ESXi, vSphere, VMware Backup, Hyper-V... how-to, videos....

Menu
  • Shop
    • Datacenter
      • vSphere Essentials
      • vSphere Essentials PLUS
      • vSphere Standard
      • vSphere with Operations Management
      • vCenter Server Standard
      • vSphere Remote Office Branch Office
    • Desktop
      • VMware Workstation Pro
      • VMware Fusion Pro
      • VMware Fusion
      • Player Pro
    • Datacenter and Cloud
      • VMware SRM
      • vCenter Server Editions
    • Desktop
      • VMware Mirage
      • VMware Socialcast
      • Horizon Flex
      • VMware Horizon
    • Close
  • Study Guides
      • VCP6.7-DCV
          • VCP6.7-DCV 2019
        • Close
      • VCP6.5-DCV
          • VCP65-DCV-cert
        • Close
      • VCP6-DTM
          • VCP6-DTM
        • Close
      • VMware Mirage
          • mirageVMware Mirage
        • Close
    • Close
  • VMware
    • Configuration Maximums
    • vSphere
      • vSphere 6.7
      • vSphere 6.5
      • vSphere 6.0
      • vSphere 5.5
      • vSphere 5.1
      • Close
    • VMworld
      • VMworld 2019
      • VMworld 2018
      • VMworld 2017
      • VMworld 2016
      • VMworld 2015
      • VMworld 2014
      • VMworld 2013
      • VMworld 2012
      • VMworld 2011
      • Close
    • Close
  • Microsoft
    • Windows Server 2012
    • Windows Server 2016
    • Windows Server 2019
    • Close
  • Categories
    • Tips – VMware, Microsoft and General IT tips and definitions, What is this?, How this works?
    • Server Virtualization – VMware ESXi, ESXi Free Hypervizor, VMware vSphere Server Virtualization, VMware Cloud and Datacenter Virtualization
    • Backup – Virtualization Backup Solutions, VMware vSphere Backup and ESXi backup solutions.
    • Desktop Virtualization – Desktop Virtualization, VMware Workstation, VMware Fusion, VMware Horizon View, tips and tutorials
    • How To – ESXi Tutorials, IT and virtualization tutorials, VMware ESXi 4.x, ESXi 5.x and VMware vSphere. VMware Workstation and other IT tutorials.
    • Free Stuff – Free virtualization utilities, ESXi Free, Monitoring and free backup utilities for ESXi and Hyper-V. Free IT tools.
    • Videos – VMware Virtualization Videos, VMware ESXi Videos, ESXi 4.x, ESXi 5.x tips and videos.
    • Home Lab
    • Reviews – Virtualization Software and reviews, Disaster and backup recovery software reviews. Virtual infrastructure monitoring software review.
    • Close
  • Partners
    • Altaro
    • NAKIVO
    • StarWind
    • Veeam
    • Vembu
    • Zerto
    • Close
  • This Web
    • News
    • ESXi Lab
    • About
    • Advertise
    • Archives
    • Disclaimer
    • IT Books
    • Close
  • Free Tools
  • Books

ESXi 6.0 Security and Password Complexity Changes

By Vladan SEGET | Last Updated: March 17, 2015

Shares

VMware ESXi 6.0 increased scalability by doubling almost all the numbers. Cluster size is now 64 hosts (previously 32) with up to 8000 VMs in single cluster. You can read all the details about scalability of vSphere 6 and VMware ESXi hypervisor in my detailed post here – vSphere 6 Features – New Config Maximums, Long Distance vMotion and FT for 4vCPUs. But in this post I'd like to point to changes to ESXi Security and all the enhancements that have been done concerning ESXi 6.0 Security and Password Complexity.

ESXi introduces new ESXCLI commands to manage local accounts. Those commands can add, list, modify or remove users across all hosts in a cluster through vCenter server. Functionality previously only available through direct connection to a host.

Permisson management can now also be done centrally – settings, removing, listing local permissions on ESXi servers.

Account Lockout – new settings (two of them) which are in ESXi Host Advanced System Settings for the management of local account failed login attempts and account lockout duration. These parameters affect SSH and vSphere Web Services connections. The direct access to the console (DCUI) and console shell access are not affected..

ESXi 6.0 - Account Lockout settings

Password Complexity Rules – change here where In previous versions of ESXi, password complexity changes had to be made by hand-editing the /etc/pam.d/
passwd file on each ESXi host. In vSphere 6.0 now this can be done by adding an entry in Host Advanced System Settings, enabling centrally managed setting changes for all hosts in a cluster.

Password Complexity Rules

Improved Auditability of ESXi Administrator Actions – vSphere 5.x the logs showed “vpxuser” in the logs when actions were triggered in vCenter server.  Now in vSphere 6.0, all actions at the vCenter Server level against an ESXi server appear in the ESXi logs with the vCenter Server username—for example, [user=vpxuser:DOMAINUser].

Gives better details “who did what” on vCenter to execute actions on ESXi hosts….

Screenshot from VMware technical video overview of the ESXi 6.0 hypervisor…

ESXi 6.0 Improved Auditability of ESXi Administrator Actions

New and More Flexible Lockdown Modes

Normal Lockdown Mode – The first mode. The DCUI access is not blocked so users on the “DCUI.Access” list are able to access DCUI.

Strict lockdown mode – In this mode, DCUI is stopped.

What is “exception users?”

These are local accounts or Microsoft Active Directory accounts with permissions defined locally on the host where these users have host access. You can define those exception locally on the host, but it's not recommended for normal user accounts, but rather for service accounts. You should set permissions on these accounts to strict minimum and anly what's required for the application to do its task and with an account that needs only read-only permissions to the ESXi host.

This is basically the same principle of local server accounts on Windows member server, where you can create local accounts, but as a best practice to give them only the permissions they need…

Smart Card Authentication to DCUI – There is new function, but apparently it is for U.S. federal customers only. It allows DCUI login access using a Common Access Card (CAC) and Personal Identity Verification (PIV). In this case the ESXi host must be part of Microsoft AD.

Links:

  • vSphere 6 Page
  • vSphere 6 Features – New Config Maximums, Long Distance vMotion and FT for 4vCPUs
  • vSphere 6 Features – vCenter Server 6 Details, (VCSA and Windows)
  • vSphere 6 Features – vSphere Client (FAT and Web Client)
  • vSphere 6 Features – VSAN 6.0 Technical Details
  • ESXi 6.0 Security and Password Complexity Changes (this post)
Shares

| Filed Under: Server Virtualization Tagged With: ESXi 6.0 Security and Password Complexity Leave a Comment

About Vladan SEGET

This website is maintained by Vladan SEGET. Vladan is as an Independent consultant, professional blogger, vExpert x11, Veeam Vanguard x5, VCAP-DCA/DCD, VCP, ESX Virtualization site has started as a simple bookmarking site, but quickly found a large following of readers and subscribers.

Connect on: Facebook. Feel free to network via Twitter @vladan.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Nakivo Backup and Replication
Zerto 7Vembu Backup and Replication
Click to Become a Sponsor

Featured

  • Free Backup for VMware and Hyper-V - NAKIVO Backup & Replication
  • FREE Forever—Back up VMware with Altaro VM Backup. Grab your Free copy now!
  • WinX DVD Ripper Platinum Giveaway - 1:1 Copy DVD to ISO,MP4

Most Recent

  • Veeam Backup for AWS Free Version Released
  • Cheapest way of going virtual with StarWind Virtual SAN (VSAN)
  • Physical Server Backup, Workstation or Laptop with Nakivo Backup and Replication
  • Download Free Load Balancer for VMware vSphere
  • Fight Ransomware with Veeam 10 Immutability Feature
  • StarWind VSAN Graceful Shutdown and PowerChute Configuration
  • Are You Aware of the Most Common Phishing Attacks?
  • Altaro Office 365 Backup New Features Added
  • Zerto 7.5 With Elastic Journal and long term retention – Restore a VM 20 Years old?
  • StarWind Virtual SAN Best Practices

Most Liked

  • VCP6.7-DCV Study Guide - VCP-DCV 2019 certification
  • VCP6.5-DCV Study Guide
  • vSphere 6.5
  • VCP6.5-DCV Objective 4.3 - Perform vCenter Server migration to VCSA
  • What Is VMware ESXi Lockdown Mode?

Fast NVMe Storage


Virtualization Software From VMware

  • VMware vSphere 6.7 U3 Essentials PLUS - vMotion, vSphere Replication...Included
  • VMware vSphere 6.7 U3 Essentials - 3 hosts, vCenter
  • vSphere Hypervisor Per Incident Support Click Here.
  • VMware Workstation 15.5 Pro and Upgrades - Best Desktop Virtualization Software
  • VMware Fusion 11.5 - Run Windows on MAC, and Upgrades
  • VMware Fusion 11 Professional - Restricted VMs, Virtualized VT-X/EPT... and Upgrades
**************************************************************************
  • Upgrade to vSphere Editions
  • Upgrade to vSphere Enterprise Plus
  • Upgrade to vSphere with vSOM Enterprise Plus
  • Upgrade to vSphere with Operations Management Editions
  • Upgrade to vSphere with Operations Management Enterprise Plus

Free Software

Altaro VM Backup – Protect your VMware and Hyper-V VMs for Free with Altaro VM Backup. 2 VM for Free, forever. Grab your copy now!
Veeam ONE Community (FREE) Edition 9.5 U4B – Download Now. monitor up to 10 instances of VMware, Hyper-V, Veeam Backup & Replication and Windows and Linux workloads!
Veeam Backup And Replication Community (FREE) Edition 9.5 U4B – protects up to 10 instances (VMs or Computers, laptops for Free.

Free Trials

Veeam Backup and Replication 9.5 Trial DownloadVeeam Backup & Replication 9.5 U4B Full Version Download (30 Days Trial – Get Your Copy !

YouTube

Find us on Facebook

ESX Virtualization

Copyright © 2019 ·Dynamik-Gen · Genesis Framework · Hosted with HostColor.com

X
Veeam Backup 9.5 U4B Community Edition
Download NOW
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok