Greetings,
Is it possible to safely disable the web interface on an ESX4i host without causing any problems? I want to turn it off completely to harden the system a bit more. Please let me know your thoughts I am looking forward to it. Thanks for your support.
Hi,
it is completely safe to remove/disable the esxi web page.
For example if you don't want to be possible downloading the vSphere client o browsing the datastores.
Check this good vmware doc to disable it: http://communities.vmware.com/docs/DOC-11864
Hope this helps.
Un saludo/Regards,
Pablo
Please consider awarding any helpful answer. Thanks!! - Por favor considera premiar las respuestas útiles. Muchas gracias!!
Hi,
Check KB 1007617
and also I think you mean " safely disable the web interface on an ESX 4 host " not " ESXi ", because the ESXi didn't have web access service.
I hope this helps.
-= If you found this note/reply useful, please consider awarding points for "Correct" or "Helpful" =-
-= If there's any mistake in my notes, please correct me! =-
-= Thanks =-
MCTS, VCP
Since much of the communications between the ESXi host and the management tools vSphere Client and vCenter Server are through port 443 I might imagine it could have an impact no matter how you disabled the page. If you want to harden the installation separate the management network and the VM network with a router/firewall or vlan
Greetings,
I mean the web front end on ESXi. I want would like to completly disable it if possible. See attached screenshot. Thanks.
Greetings,
Makes perfect sense. All of the management networks for my ESX hosts are seperate and reside on a specific management vlan that only virtual infrastructure machines can communicate with for example vCenter, etc. Of course Active directory, DNS and NTP are execptions to this rule as for they can communicate with the designated vlan too.
As an additional security measure I was hoping to safely turn off the web front end just becuase it seems like another potential security risk.
-Reg
The page isn't the problem. You could potentially edit / remove the page but vCenter communicates on the same port as the page. If the page were gone it wouldn't do anything for for the API traffic that still need to use the port.
Greetings,
Your answer definitely holds merit and is logical. I would still like to remove it if at all possible. Any suggestions?
A, N, CNA, CNE, MCP, MCSA, VCP310, VCP410, VCI
Hi,
it is completely safe to remove/disable the esxi web page.
For example if you don't want to be possible downloading the vSphere client o browsing the datastores.
Check this good vmware doc to disable it: http://communities.vmware.com/docs/DOC-11864
Hope this helps.
Un saludo/Regards,
Pablo
Please consider awarding any helpful answer. Thanks!! - Por favor considera premiar las respuestas útiles. Muchas gracias!!