Tag: esxi

vSphere 6.0 Lockdown Mode Exception Users

In vSphere 6.0 we now have a new concept called Exception Users. The intent of Exception Users is that they are not general admin users. I would consider them more of a “Service Account” type of access.

As a matter of fact, just the other day I got an email from someone internal at VMware that brought up a great use case for Exception Users. They were talking to a customer that wanted to access ESXi via a PowerCLI cmdlet (Get-VMHostAccount) to list out the local accounts on an ESXi server as part of their normal security reporting.

But they also wanted to enable Lockdown Mode and were finding it difficult to comply with both things. In vSphere 6.0 this is now much easier to address. Let’s get started.


vSphere 6.0 Lockdown Modes

Lockdown mode has been around in various forms for many releases. The behaviors have changed a few times since 5.1 with varying levels of usability success. For vSphere 6.0 we are trying to address some of these issues. Personally, what I’d love to see happen with all customers running vSphere 6.0 is that you run at a minimum the “Normal” Lockdown Mode.


New ESXi security whitepaper!

Last week I released a whitepaper on ESXi security. I’ve worked on this for the better part of the last 8 months. It was an exhaustive research project that involved LOTS of hunting down answers, ensuring accuracy and double-checking and reviewing everything. As it stands today, it’s the definitive statement on how security works in the ESXi hypervisor. Thankfully it’s getting a lot of great feedback!

If you have feedback, leave it here, send me email or get in touch on Twitter.

Read more about the paper here:

Enjoy!
mike