totalstu1
Contributor
Contributor

Restrict access to esxi welcome/getting started page possible?

Jump to solution

In my reading I haven't been able to find an answer so I thought it best to ask the collective. Is it possible to restrict access to the esxi welcome/getting started page (the page you get to by typing in the esxi server address in your browser)? Id like it so a regular user can't even see that page.

Thanks

0 Kudos
1 Solution

Accepted Solutions
astorrs
Enthusiast
Enthusiast

In ESX this was easy to do (http://vmetc.com/2008/10/15/modify-virtualcenter-and-esx-web-interface-to-prevent-vi-client-downloads/) but without access to the root file system (in ESXi) you're not going to be able to take that route.

With that said, you really should be looking at restricting access to the ESXi hosts themselves by isolating them with VLANs so only authorized systems can access them. You might want to consult the Security Hardening Best Pratices Guide for tips on securing your installation.

View solution in original post

0 Kudos
4 Replies
astorrs
Enthusiast
Enthusiast

In ESX this was easy to do (http://vmetc.com/2008/10/15/modify-virtualcenter-and-esx-web-interface-to-prevent-vi-client-downloads/) but without access to the root file system (in ESXi) you're not going to be able to take that route.

With that said, you really should be looking at restricting access to the ESXi hosts themselves by isolating them with VLANs so only authorized systems can access them. You might want to consult the Security Hardening Best Pratices Guide for tips on securing your installation.

0 Kudos
Craig_Baltzer
Expert
Expert

Agree with astorrs that the best approach is to use VLANs or other firewalling to keep unwanted user traffic away from the ESXi hosts.

If you want to use the "modify the web page" method outlined in the link provided and don't mind going down the "unsupported" route you can use the unsupported maintenance console on ESXi to access the necessary files. From the ESXi console hit <Alt><F1> and then type "unsupported" (without out quotes, and nothing will be echoed back as you type). Once you hit <Enter> you'll get the login prompt, then follow the directions from the link astorrs provided (you'll need to use "vi" as the editor as "nano" is not available in the busybox console on ESXi...)

astorrs
Enthusiast
Enthusiast

Like Craig said that method is "unsupported" and will actually break the ESXi warranty and void any of your support contracts for that host - if you can live with that (e.g. you're using the free version of ESXi) then by all means go ahead.

http://blogs.vmware.com/vmtn/2008/11/keep-your-vmwar.html

totalstu1
Contributor
Contributor

This is interesting. VLAN is in our future, just not yet. I will discuss with the powers that be and go from there

Thanks

0 Kudos