For additional security, an administrator can place one or more hosts managed by a vCenter Server system in lockdown mode. Lockdown mode affects login privileges for the ESXi host.
■ Users that were logged in to the ESXi Shell before lockdown mode was enabled remain logged in and can run commands. However, those users cannot disable lockdown mode.
■ No other users, including the root user, can log in to an ESXi Shell in lockdown mode. You can no longer access the shell from the direct console or by using a remote shell.
■ The administrator user on the vCenter Server system can disable lockdown mode for hosts it manages from the vCenter Server system.
■ The root user can always log in directly to the ESXi host's direct console to disable lockdown mode. If the direct console is disabled, the administrator on the vCenter Server system can disable lockdown mode. If the host is not managed by a vCenter Server system or if the host is unreachable, you must reinstall ESXi.
To make changes to ESXi systems in lockdown mode, you must go through a vCenter Server system that manages the ESXi system as the user vpxuser.
You can use the vSphere Client or vCLI commands that support the --vihost option. The following commands cannot run against vCenter Server systems and are therefore not available in lockdown mode:
If you have problems running a command on an ESXi host directly (without specifying a vCenter Server target), check whether lockdown mode is enabled on that host.
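One way to run that check across every host a vCenter Server system manages, as an added example that is not part of the VMware documentation quoted here. The function name `Get-LockdownFinding`, the host names and the vCenter address are hypothetical; the live query in the closing comment assumes VMware PowerCLI and the vSphere API property `Config.AdminDisabled`.

```powershell
# Added example. Classifies a host by lockdown state and by whether vCenter
# Server can still reach it, following the rules listed above.
function Get-LockdownFinding {
    param(
        [Parameter(Mandatory)][string] $Name,
        [Parameter(Mandatory)][bool]   $LockdownEnabled,
        [Parameter(Mandatory)][string] $ConnectionState
    )

    # A host in maintenance mode is still connected to vCenter Server.
    $reachable = $ConnectionState -in @('Connected', 'Maintenance')

    $finding = if (-not $LockdownEnabled) {
        'Lockdown off: direct logins to the host are allowed'
    } elseif ($reachable) {
        'Lockdown on: make changes through vCenter Server (vCLI --vihost)'
    } else {
        'Lockdown on, vCenter cannot reach host: only root at the direct console can disable it'
    }

    [pscustomobject]@{
        Host     = $Name
        Lockdown = $LockdownEnabled
        State    = $ConnectionState
        Finding  = $finding
    }
}

# Constructed sample inventory (not real hosts), so the block runs offline.
$sample = @(
    @{ Name = 'esx01.example.test'; LockdownEnabled = $true;  ConnectionState = 'Connected' }
    @{ Name = 'esx02.example.test'; LockdownEnabled = $false; ConnectionState = 'Connected' }
    @{ Name = 'esx03.example.test'; LockdownEnabled = $true;  ConnectionState = 'NotResponding' }
)

$sample | ForEach-Object { $h = $_; Get-LockdownFinding @h } | Format-Table -AutoSize

# Live use with VMware PowerCLI (vcenter.example.test is a placeholder):
#   Connect-VIServer vcenter.example.test
#   Get-VMHost | ForEach-Object {
#       Get-LockdownFinding -Name $_.Name `
#           -LockdownEnabled ([bool]$_.ExtensionData.Config.AdminDisabled) `
#           -ConnectionState $_.ConnectionState
#   }
```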
Info taken from VMware Documentation