You perform procedures on the ESXi hosts in all your workload domains by using different interfaces, such as PowerCLI, SSH, and the vSphere Client.

Procedure

Security Best Practices for Securing ESXi Hosts
You must follow multiple best practices at all times when you operate your ESXi hosts.

Configure Multiple Security Settings on the ESXi Hosts by Using the ESXi Shell
You edit the /etc/ssh/sshd_config file on all hosts to deactivate login as the root user for the SSH daemon and activate secure boot.

Configure Multiple Security Settings on the ESXi Hosts by Using PowerCLI
You perform the procedure on all ESXi hosts in all your workload domains to configure firewall settings, password policy, inactivity timeouts, and failed login attempts, join ESXi hosts to an Active Directory domain, and remove ESX Admin group membership. Also, by using PowerCLI commands, you stop the ESXi shell service, configure login banners for the Direct Console User Interface (DCUI) and SSH connections, deactivate warnings, activate the Bridge Protocol Data Unit (BPDU) filter, configure a persistent log location and remote logging, and activate bidirectional CHAP authentication.

Configure Multiple Security Settings on Unassigned ESXi Hosts by Using PowerCLI
You perform this procedure on all unassigned ESXi hosts in the SDDC inventory to configure non-native VLAN ID, Virtual Guest Tagging (VGT), and unreserved VLAN ID on all the port groups on the standard switch.

Activate Normal Lockdown Mode on the ESXi Hosts
You activate normal lockdown mode on the ESXi hosts.