To increase the security of your ESXi hosts, you enable Lockdown mode to allow administrative operations to be performed only from vCenter Server.

vSphere supports an Exception User list for service accounts that have to log in to the host directly. Accounts with administrative privileges that are on the Exception Users list can log in to the ESXi Shell. In addition, these users can log in to a host's DCUI in normal lockdown mode and can exit lockdown mode.

You repeat this procedure to enable normal lockdown mode for all hosts in the data center in the following table.

Table 1. Hosts in the Data Center

| Host   | FQDN                         |
|--------|------------------------------|
| Host 1 | nyc01r01esx01.rainpole.local |
| Host 2 | nyc01r01esx02.rainpole.local |
| Host 3 | nyc01r01esx03.rainpole.local |
| Host 4 | nyc01r01esx04.rainpole.local |

Procedure

  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://nyc01r01vc01.rainpole.local/vsphere-client .
    2. Log in using the following credentials.

      | Setting   | Value                       |
      |-----------|-----------------------------|
      | User name | administrator@vsphere.local |
      | Password  | vsphere_admin_password      |

  2. In the Navigator, click Hosts and Clusters and expand the nyc01r01vc01.rainpole.local tree.
  3. Select the nyc01r01esx01.rainpole.local host.
  4. Click Configure.
  5. Under System, select Security Profile.
  6. In the Lockdown Mode panel, click Edit.
  7. In the Lockdown Mode dialog box, select the Normal radio button, and click OK.
  8. Repeat this procedure and enable normal lockdown mode for all remaining hosts in the data center.
    Note: Lockdown Mode settings are not part of Host Profiles and must be manually enabled on all hosts.
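
Because lockdown mode is not carried by Host Profiles, the setting is easy to miss on one host. The following is an added example, not part of the original VMware procedure, that performs the same steps for the four hosts in Table 1 and reports each host's mode and Exception Users. It assumes the VMware PowerCLI module is installed and uses the vSphere API HostAccessManager object; the variable names are illustrative.

```powershell
# Added example (not from the original procedure).
# Assumption: VMware PowerCLI is installed and vCenter Server is reachable.
Import-Module VMware.VimAutomation.Core

$vCenter   = 'nyc01r01vc01.rainpole.local'
$esxiHosts = @(
    'nyc01r01esx01.rainpole.local',
    'nyc01r01esx02.rainpole.local',
    'nyc01r01esx03.rainpole.local',
    'nyc01r01esx04.rainpole.local'
)

# Prompt for the administrator@vsphere.local credentials rather than
# embedding the password in the script.
Connect-VIServer -Server $vCenter -Credential (Get-Credential) | Out-Null

$report = foreach ($name in $esxiHosts) {
    $vmHost    = Get-VMHost -Name $name
    $accessMgr = Get-View -Id $vmHost.ExtensionData.ConfigManager.HostAccessManager

    $before = $accessMgr.LockdownMode

    # Only hosts with lockdown disabled are changed; a host that is
    # already in normal or strict lockdown mode is left as it is.
    if ($before -eq 'lockdownDisabled') {
        $accessMgr.ChangeLockdownMode('lockdownNormal')
        $accessMgr.UpdateViewData()   # refresh the cached view after the change
    }

    # Exception Users can still log in directly, so list them for review.
    [pscustomobject]@{
        Host           = $name
        Before         = $before
        After          = $accessMgr.LockdownMode
        ExceptionUsers = ($accessMgr.QueryLockdownExceptions() -join ', ')
    }
}

$report | Format-Table -AutoSize

Disconnect-VIServer -Server $vCenter -Confirm:$false
```

Any host whose After column does not read lockdownNormal, or whose Exception Users list contains an account you do not expect, needs a manual check in the Security Profile page.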