Time synchronization issues can result in serious problems with your environment. Configure NTP for each of your hosts in the shared edge and compute clusters. Change the default ESX Admins group to achieve greater levels of security by removing a known administrative access point.

Procedure

  1. Log in to the Compute vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://sfo01w01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      | Setting   | Value                       |
      |-----------|-----------------------------|
      | User name | administrator@vsphere.local |
      | Password  | vsphere_admin_password      |

  2. Enable SSH and NTP.
    1. In the Navigator, click Hosts and Clusters and expand the sfo01w01vc01.sfo01.rainpole.local tree.
    2. Select the sfo01w01esx01.sfo01.rainpole.local host.
    3. Click the Configure tab and under System, click Security Profile.
    4. Under the Services section, click the Edit button.
    5. In the Edit Security Profile dialog box, select SSH, select Start and stop with host from the Startup Policy drop-down list, and click the Start button.
    6. In the Edit Security Profile dialog box, select NTP Daemon, change the Startup Policy to Start and stop with host, and click the Start button.
    7. Click OK to save the changes.
  3. Configure the NTP Daemon (ntpd) options.
    1. In the Navigator, click Hosts and Clusters and expand the sfo01w01vc01.sfo01.rainpole.local tree.
    2. Select the sfo01w01esx01.sfo01.rainpole.local host.
    3. Click the Configure tab and under System, click Time Configuration.
    4. Click the Edit button.
    5. In the Edit Time Configuration dialog box, select the Use Network Time Protocol (Enable NTP client) radio button, change the NTP service startup policy to Start and stop with host, enter ntp.sfo01.rainpole.local,ntp.lax01.rainpole.local as NTP servers, and click the Start button.
    6. Click OK to save the changes.
  4. Change the default ESX Admins group.
    1. In the Navigator, click Hosts and Clusters and expand the sfo01w01vc01.sfo01.rainpole.local tree.
    2. Select the sfo01w01esx01.sfo01.rainpole.local host.
    3. Click the Configure tab and under System, click Advanced System Settings.
    4. Click the Edit button.
    5. In the filter box, enter esxAdmins and wait for the search results.
    6. Change the value of Config.HostAgent.plugins.hostsvc.esxAdminsGroup to SDDC-Admins and click OK.
  5. Disable the SSH warning banner.
    1. In the Navigator, click Hosts and Clusters and expand the sfo01w01vc01.sfo01.rainpole.local tree.
    2. Select the sfo01w01esx01.sfo01.rainpole.local host.
    3. Click the Configure tab and under System, click Advanced System Settings.
    4. Click the Edit button.
    5. In the filter box, enter ssh and wait for the search results.
    6. Change the value of UserVars.SuppressShellWarning to 1 and click OK.
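
The procedure above configures a single host through the vSphere Web Client. As an added example (not part of the original page or of VMware's own tooling), the following PowerCLI script reports whether each host meets the four settings and applies them when run with `-Remediate`. The `$ClusterName` parameter and the `New-Finding` helper are assumptions introduced for illustration.

```powershell
# Added example (not from the original page). Requires VMware PowerCLI and an
# existing session: Connect-VIServer sfo01w01vc01.sfo01.rainpole.local
param(
    [string]$ClusterName = '*',   # assumption: cluster filter, names are not on the page
    [switch]$Remediate            # without this switch the script only reports
)
$ntpServers = 'ntp.sfo01.rainpole.local', 'ntp.lax01.rainpole.local'
$advanced = @{
    'Config.HostAgent.plugins.hostsvc.esxAdminsGroup' = 'SDDC-Admins'
    'UserVars.SuppressShellWarning'                   = 1
}
function New-Finding($VMHost, $Item, $Actual, $Ok) {   # hypothetical helper
    [pscustomobject]@{ Host = $VMHost.Name; Item = $Item; Actual = "$Actual"; Compliant = [bool]$Ok }
}
foreach ($vmhost in Get-Cluster -Name $ClusterName | Get-VMHost) {
    # Step 3: both NTP servers must be configured on the host.
    $current = @(Get-VMHostNtpServer -VMHost $vmhost)
    $missing = @($ntpServers | Where-Object { $_ -notin $current })
    New-Finding $vmhost 'NTP servers' ($current -join ',') ($missing.Count -eq 0)
    if ($missing.Count -gt 0 -and $Remediate) {
        Add-VMHostNtpServer -VMHost $vmhost -NtpServer $missing -Confirm:$false | Out-Null
    }
    # Step 2: SSH (TSM-SSH) and NTP Daemon (ntpd) running, policy "Start and stop with host" (on).
    foreach ($key in 'TSM-SSH', 'ntpd') {
        $svc = Get-VMHostService -VMHost $vmhost | Where-Object { $_.Key -eq $key }
        $ok  = $svc.Running -and $svc.Policy -eq 'on'
        New-Finding $vmhost "service $key" "running=$($svc.Running) policy=$($svc.Policy)" $ok
        if (-not $Remediate) { continue }
        if (-not $ok) {
            Set-VMHostService -HostService $svc -Policy On -Confirm:$false | Out-Null
            if (-not $svc.Running) { Start-VMHostService -HostService $svc -Confirm:$false | Out-Null }
        }
        # Restart an already running ntpd so newly added servers are picked up.
        if ($key -eq 'ntpd' -and $missing.Count -gt 0 -and $svc.Running) {
            Restart-VMHostService -HostService $svc -Confirm:$false | Out-Null
        }
    }
    # Steps 4 and 5: advanced system settings.
    foreach ($name in $advanced.Keys) {
        $setting = Get-AdvancedSetting -Entity $vmhost -Name $name
        $ok = $setting.Value -eq $advanced[$name]
        New-Finding $vmhost $name $setting.Value $ok
        if (-not $ok -and $Remediate) {
            Set-AdvancedSetting -AdvancedSetting $setting -Value $advanced[$name] -Confirm:$false | Out-Null
        }
    }
}
```

The findings reflect the state before any change, so rerun the script without `-Remediate` to confirm that every row reports `Compliant = True`.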