Time synchronization issues can result in serious problems with your environment. Configure NTP for each of your hosts in the shared edge and compute clusters. Change the default ESX Admins group to achieve greater levels of security by removing a known administrative access point.

Procedure

  1. Log in to the Compute vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://lax01w01vc01.lax01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.
      Setting Value
      User name administrator@vsphere.local
      Password vsphere_admin_password
  2. Enable SSH and NTP.
    1. In the Navigator, click Hosts and Clusters and expand the lax01w01vc01.lax01.rainpole.local tree.
    2. Select the lax01w01esx01.lax01.rainpole.local host.
    3. Under System, click the Configure tab and click Security Profile.
    4. Under the Services section, click the Edit button.
    5. In the Edit Security Profile dialog box, select SSH, select Start and stop with host from the Startup Policy drop-down menu, and click the Start button.
    6. In the Edit Security Profile dialog box, select NTP Daemon, change the Startup policy to Start and stop with host, and click the Start button.
    7. Click OK to save the changes.
  3. Configure the NTP Daemon (ntpd) options.
    1. In the Navigator, click Hosts and Clusters and expand the lax01w01vc01.lax01.rainpole.local tree.
    2. Select the lax01w01esx01.lax01.rainpole.local host.
    3. Under System, click the Configure tab and click Time Configuration.
    4. Click Edit.
    5. In the Edit Time Configuration dialog box, select the Use Network Time Protocol (Enable NTP client) radio button, change the NTP service startup policy to Start and stop with host, enter ntp.lax01.rainpole.local,ntp.sfo01.rainpole.local as NTP servers, and click the Start button.
    6. Click OK to save the changes.
  4. Change the default ESX Admins group.
    1. In the Navigator, click Hosts and Clusters
    2. Expand the lax01w01vc01.lax01.rainpole.local vCenter inventory tree, and select the lax01w01esx01.lax01.rainpole.local host.
    3. Click the Configure tab and under System, click Advanced System Settings.
    4. Click the Edit button.
    5. In the filter box, enter esxAdmins and wait for the search results.
    6. Change the value of Config.HostAgent.plugins.hostsvc.esxAdminsGroup to SDDC-Admins and click OK.
  5. Disable the SSH warning banner.
    1. In the Navigator, click Hosts and Clusters
    2. Expand the lax01w01vc01.lax01.rainpole.local vCenter inventory tree, and select the lax01w01esx01.lax01.rainpole.local host.
    3. Click the Configure tab and under System, click Advanced System Settings.
    4. Click the Edit button.
    5. In the filter box, enter ssh and wait for the search results.
    6. Change the value of UserVars.SuppressShellWarning to 1 and click OK.