VMware Cloud Community
stevejones20111
Contributor
Contributor
‎02-07-2011 12:09 AM

i want to put my ESXi 4 server on the Internet, how to do the security configuration?

BTW, the server will be placed in 3rd party data center and I have only remote access to the ESXi Server.

What's best solution for security configuration? What to do when I can't enter the console via the remote access?

Thanks!

0 Kudos
3 Replies
Dave_Mishchenko
Immortal
Immortal
‎02-07-2011 12:16 AM

The best option is to place some sort of VPN device in front of the ESXi as you otherwise put the host at risk.  Some might suggest a VM to handle the VPN /firewall functionality, and while it will work you have the risk of not being able to access the host should the VM fail to start.  Additionality for some operations like patching your host, you must have ESXi in maintenance mode which means all VMs must be stopped.  The 3rd option of directly accessing your ESXi host puts you at a significant security risk. So ideally, you'll place the host behind a hardware VPN / firewall.  You might also consider a remote control card for the server.

mbaecke
VMware Employee
VMware Employee
‎02-07-2011 12:30 AM

One = none, so you probably need to setup 2 ESXi servers at the remote datacenter.

And as Dave suggests put it behind a firewall.

Last but not lease , have a good look at : vSphere 4.1 Security Hardening Guide http://communities.vmware.com/docs/DOC-14548

Martijn Baecke | http://thinkcloud.nl
0 Kudos
stevejones20111
Contributor
Contributor
‎02-18-2011 08:50 AM

Dear Dave,

May I ask what kind of risk it will suffer if I put my ESXi directly on the Internet?  May hacker enter my server and steal my data?

How would the situation change if I install a hardware remote access card?

Thank you!

0 Kudos