Monday 25 March 2013

ESXi Lockdown mode and different account access

Lockdown mode can be enabled on the ESXi server in any of these ways:
1) Via vCenter, by selecting the host and its Security Profile.
2) By logging in directly to the ESXi console.
3) By connecting to the ESXi host over SSH, typing dcui, and then enabling Lockdown mode.
4) Via the vSphere Web Client.
5) Using PowerCLI.

Details about enabling Lockdown mode can be found in VMware KB article 1008077.
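
As an added example (not from the original post or the KB article), the PowerCLI route in item 5 can be scripted to report each host's lockdown state through vCenter and optionally enable it. The vCenter name is a placeholder, and the script assumes VMware PowerCLI is installed and that the hosts expose the vSphere API's `Config.AdminDisabled` property and `EnterLockdownMode()` method.

```powershell
# Added example, not from the original post. Assumptions: PowerCLI is installed,
# 'vcenter.example.local' is a placeholder, and the account may change host config.
param(
    [string]$VCenter = 'vcenter.example.local',  # placeholder vCenter name
    [switch]$Enable                               # without this, report only
)

Connect-VIServer -Server $VCenter -ErrorAction Stop | Out-Null
try {
    $report = foreach ($vmhost in Get-VMHost | Sort-Object Name) {
        # Disconnected hosts return no usable config, so report them as unknown.
        if ($vmhost.ConnectionState -notin 'Connected', 'Maintenance') {
            [pscustomobject]@{ Host = $vmhost.Name; Lockdown = 'unknown'; Action = 'skipped (not connected)' }
            continue
        }

        $view   = $vmhost | Get-View
        $locked = [bool]$view.Config.AdminDisabled   # True when lockdown mode is on
        $action = 'none'

        if (-not $locked -and $Enable) {
            try {
                $view.EnterLockdownMode()            # enabled through vCenter
                $view.UpdateViewData()               # re-read state instead of assuming success
                $locked = [bool]$view.Config.AdminDisabled
                $action = 'enabled'
            }
            catch {
                $action = "failed: $($_.Exception.Message)"
            }
        }

        [pscustomobject]@{ Host = $vmhost.Name; Lockdown = $locked; Action = $action }
    }
    $report | Format-Table -AutoSize
}
finally {
    Disconnect-VIServer -Server $VCenter -Confirm:$false
}
```

Run it without `-Enable` first to see which hosts are not yet in lockdown mode.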

Now, as we all know, enabling ESXi lockdown mode disables any root access to the ESXi server. I had this thought about what will happen to other user accounts and what to do when the vCenter goes down, and came up with the below chart from a few tests I did in my local setup.

The chart below shows the different login methods to ESXi before and after enabling Lockdown mode. For the below results, lockdown mode was only enabled via the vCenter.

Note: If vCenter goes down, you can log in to the ESXi console as root and disable lockdown mode.


Feel free to add any comments or questions.