VMware Cloud Community
andersom
Contributor

Lock Down Mode

What is the best practice for logging directly into a host when you have a vCenter Server? We have vCenter 4.1 and the vCenter server is virtual, so just in case it does start or reboot correctly we may at times need to connect directly to the host. Is it better to disable lock down and use root to log in to the host, or enable lock down and create an admin account directly on each host so we can connect directly to them?

Thanks,

2 Replies
jaydee01
Contributor

I think best practice would be to create an admin account directly on each host for access; however, due to the nature of needing access quickly in the event of an emergency, we have root set to login, with a very secure and tricky password!

We find this just rules out any issues and full access...

Dave_Mishchenko
Immortal

It will depend on your security needs. With 4.1, lockdown mode disables all API connections regardless of the account used. All API connections must be made through vCenter Server. If vCenter were to fail to come up, you would need to do the following:

- access the DCUI on the host that was running vCenter, log in with an admin account (could be root, a local admin, or a domain user with the admin role for the host)
- use the DCUI to disable lockdown mode
- connect to the host with the vSphere client
- start the vCenter VM
- re-enable lockdown mode.

Dave

VMware Communities User Moderator

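The last step of the recovery procedure above (re-enable lockdown mode) is the one most easily forgotten, so once vCenter is back it is worth auditing every host. The following is an added example, not part of the original thread: it assumes VMware PowerCLI with an existing `Connect-VIServer` session to vCenter, and the function name `Get-HostLockdownState` is hypothetical.

```powershell
# Added example: report lockdown mode for every host managed by vCenter and,
# with -Remediate, re-enable it where it was left off.
# Assumes PowerCLI is loaded and Connect-VIServer <vCenter> has already been run.
function Get-HostLockdownState {
    [CmdletBinding()]
    param(
        [switch]$Remediate   # re-enable lockdown on hosts found with it disabled
    )

    # Fetch only the properties needed; Config.AdminDisabled is the lockdown flag.
    $views = Get-View -ViewType HostSystem `
        -Property Name, Config.AdminDisabled, Runtime.ConnectionState

    foreach ($view in $views) {
        $state  = 'Unknown'   # disconnected / not responding hosts cannot be read
        $action = 'None'

        if ($view.Runtime.ConnectionState -eq 'connected' -and $view.Config) {
            if ($view.Config.AdminDisabled) { $state = 'Enabled' }
            else                            { $state = 'Disabled' }
        }

        if ($state -eq 'Disabled' -and $Remediate) {
            try {
                # vSphere API call on the HostSystem object, issued through vCenter
                $view.EnterLockdownMode()
                $state  = 'Enabled'
                $action = 'Re-enabled'
            } catch {
                $action = "Failed: $($_.Exception.Message)"
            }
        }

        New-Object PSObject -Property @{
            Host     = $view.Name
            Lockdown = $state
            Action   = $action
        }
    }
}

# Report only:
#   Get-HostLockdownState | Sort-Object Host | Format-Table Host, Lockdown, Action
# Report and fix:
#   Get-HostLockdownState -Remediate | Where-Object { $_.Lockdown -ne 'Enabled' }
```

Hosts reported as `Unknown` are not connected to vCenter and need to be checked from their DCUI.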