VMware Cloud Community
RegNullify
Contributor
Contributor
‎02-10-2010 03:55 PM
Jump to solution

Disabling web interface on ESX4i

Greetings,

Is it possible to safely disable the web interface on an ESX4i host without causing any problems? I want to turn it off completely to harden the system a bit more. Please let me know your thoughts I am looking forward to it. Thanks for your support.

A+, N+, CNA, CNE, MCP, MCSA, VCP310, VCP410, VCI <------ Long time dedicated IT Professional specializing in U.S. Federal Government implementations.
0 Kudos
1 Solution

Accepted Solutions
Borja_Mari
Virtuoso
Virtuoso
‎02-10-2010 04:57 PM
Jump to solution

Hi,

it is completely safe to remove/disable the esxi web page.

For example if you don't want to be possible downloading the vSphere client o browsing the datastores.

Check this good vmware doc to disable it: http://communities.vmware.com/docs/DOC-11864

Hope this helps.

Un saludo/Regards,

Pablo

Please consider awarding any helpful answer. Thanks!! - Por favor considera premiar las respuestas útiles. Muchas gracias!!

------------------------------------------------------------------------------------------------- PLEASE CONSIDER AWARDING any HELPFUL or CORRECT reply. Thanks!! Por favor CONSIDERA PREMIAR cualquier respuesta ÚTIL o CORRECTA . ¡¡Muchas gracias!! VCP3, VCP4, VCP5-DCV (VCP550), vExpert 2010, 2014 BLOG: http://communities.vmware.com/blogs/VirtuallyAnITNoob

View solution in original post

0 Kudos
7 Replies
Kasraeian
Expert
Expert
‎02-10-2010 04:18 PM
Jump to solution

Hi,

Check KB 1007617

and also I think you mean " safely disable the web interface on an ESX 4 host " not " ESXi ", because the ESXi didn't have web access service. Smiley Wink

I hope this helps.



-= If you found this note/reply useful, please consider awarding points for "Correct" or "Helpful" =-

-= If there's any mistake in my notes, please correct me! =-

-= Thanks =-

MCTS, VCP

http://www.kasraeian.com

If you found this note/reply useful, please consider awarding points for "Correct" or "Helpful" If there's any mistake in my notes, please correct me! Sohrab Kasraeianfard | http://www.kasraeian.com | @Kasraeian
0 Kudos
DSTAVERT
Immortal
Immortal
‎02-10-2010 04:22 PM
Jump to solution

Since much of the communications between the ESXi host and the management tools vSphere Client and vCenter Server are through port 443 I might imagine it could have an impact no matter how you disabled the page. If you want to harden the installation separate the management network and the VM network with a router/firewall or vlan

-- David -- VMware Communities Moderator
0 Kudos
RegNullify
Contributor
Contributor
‎02-10-2010 04:25 PM
Jump to solution

Greetings,

I mean the web front end on ESXi. I want would like to completly disable it if possible. See attached screenshot. Thanks.

A+, N+, CNA, CNE, MCP, MCSA, VCP310, VCP410, VCI <------ Long time dedicated IT Professional specializing in U.S. Federal Government implementations.
Preview file
642 KB
0 Kudos
RegNullify
Contributor
Contributor
‎02-10-2010 04:32 PM
Jump to solution

Greetings,

Makes perfect sense. All of the management networks for my ESX hosts are seperate and reside on a specific management vlan that only virtual infrastructure machines can communicate with for example vCenter, etc. Of course Active directory, DNS and NTP are execptions to this rule as for they can communicate with the designated vlan too.

As an additional security measure I was hoping to safely turn off the web front end just becuase it seems like another potential security risk.

-Reg

A+, N+, CNA, CNE, MCP, MCSA, VCP310, VCP410, VCI <------ Long time dedicated IT Professional specializing in U.S. Federal Government implementations.
0 Kudos
DSTAVERT
Immortal
Immortal
‎02-10-2010 04:47 PM
Jump to solution

The page isn't the problem. You could potentially edit / remove the page but vCenter communicates on the same port as the page. If the page were gone it wouldn't do anything for for the API traffic that still need to use the port.

-- David -- VMware Communities Moderator
0 Kudos
RegNullify
Contributor
Contributor
‎02-10-2010 04:56 PM
Jump to solution

Greetings,

Your answer definitely holds merit and is logical. I would still like to remove it if at all possible. Any suggestions?






A, N, CNA, CNE, MCP, MCSA, VCP310, VCP410, VCI

A+, N+, CNA, CNE, MCP, MCSA, VCP310, VCP410, VCI <------ Long time dedicated IT Professional specializing in U.S. Federal Government implementations.
0 Kudos
Borja_Mari
Virtuoso
Virtuoso
‎02-10-2010 04:57 PM
Jump to solution

Hi,

it is completely safe to remove/disable the esxi web page.

For example if you don't want to be possible downloading the vSphere client o browsing the datastores.

Check this good vmware doc to disable it: http://communities.vmware.com/docs/DOC-11864

Hope this helps.

Un saludo/Regards,

Pablo

Please consider awarding any helpful answer. Thanks!! - Por favor considera premiar las respuestas útiles. Muchas gracias!!

------------------------------------------------------------------------------------------------- PLEASE CONSIDER AWARDING any HELPFUL or CORRECT reply. Thanks!! Por favor CONSIDERA PREMIAR cualquier respuesta ÚTIL o CORRECTA . ¡¡Muchas gracias!! VCP3, VCP4, VCP5-DCV (VCP550), vExpert 2010, 2014 BLOG: http://communities.vmware.com/blogs/VirtuallyAnITNoob
0 Kudos