You restrict remote access to the host by disabling the SSH service and the shell service and enabling lockdown mode.

You perform the procedure on all the ESXi hosts in Region A. First connect to the Management vCenter Server, and then connect to the Compute vCenter Server to repeat the procedure on all the ESXi hosts that belong to the Compute vCenter Server. When a command prompts you to specify its target object, enter [A] Yes to All to run the task on all hosts that belong to the vCenter Server instance that you configure.

Procedure

  1. Log in to the Management vCenter Server by using a PowerCLI console.
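    | Setting   | Value                                                                      |
    |-----------|----------------------------------------------------------------------------|
    | Command   | Connect-VIServer -Server sfo01m01vc01.sfo01.rainpole.local -Protocol https |
    | User name | administrator@vsphere.local                                                |
    | Password  | vsphere_admin_password                                                     |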
  2. PCI-VI-ESXI-CFG-00111 Stop and disable the SSH service.
    Get-VMHost | Get-VMHostService | Where {$_.Label -eq "SSH"} | Set-VMHostService -Policy Off 
    Get-VMHost | Get-VMHostService | Where {$_.Label -eq "SSH"} | Stop-VMHostService
  3. PCI-VI-ESXI-CFG-00112 Stop and disable the ESXi shell service.
    Get-VMHost | Get-VMHostService | Where {$_.Label -eq "ESXi Shell"} | Set-VMHostService -Policy Off
    Get-VMHost | Get-VMHostService | Where {$_.Label -eq "ESXi Shell"} | Stop-VMHostService
  4. PCI-VI-ESXI-CFG-00031 Enable Normal lockdown mode.
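    # Lockdown level to apply to every host in the connected vCenter Server
    $level = "lockdownNormal"
    $EsxiHosts = Get-VMHost
    foreach ($EsxiHost in $EsxiHosts) {
        $vmhost = $EsxiHost | Get-View
        # The HostAccessManager view exposes the lockdown mode operations
        $lockdown = Get-View $vmhost.ConfigManager.HostAccessManager
        $lockdown.ChangeLockdownMode($level)
    }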
  5. Log in to the sfo01w01vc01.sfo01.rainpole.local Compute vCenter Server and repeat the procedure for the remaining hosts in Region A.
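
To confirm that steps 2 through 4 took effect, the following check reports the SSH and ESXi Shell service state and the lockdown mode for every host in the connected vCenter Server. It is an added example, not part of the original procedure; it assumes an active `Connect-VIServer` session, and the variable names and report layout are illustrative.

```powershell
# Added verification example (not part of the original procedure).
# Assumes you are already connected with Connect-VIServer.
$expectedLockdown = "lockdownNormal"        # level applied in step 4
$serviceLabels    = @("SSH", "ESXi Shell")  # labels used in steps 2 and 3

$report = foreach ($EsxiHost in Get-VMHost) {
    $findings = @()
    $lockdownMode = "unknown"
    try {
        $services = @($EsxiHost | Get-VMHostService -ErrorAction Stop |
            Where-Object { $serviceLabels -contains $_.Label })

        # A label missing from the result means the host could not be checked
        foreach ($label in $serviceLabels) {
            if ($services.Label -notcontains $label) {
                $findings += "$label service not found"
            }
        }
        foreach ($service in $services) {
            if ($service.Running) { $findings += "$($service.Label) is running" }
            if ($service.Policy -ne "off") {
                $findings += "$($service.Label) policy is $($service.Policy)"
            }
        }

        # Read the current lockdown mode from the same manager that step 4 changes
        $vmhost = $EsxiHost | Get-View -ErrorAction Stop
        $accessManager = Get-View -Id $vmhost.ConfigManager.HostAccessManager -ErrorAction Stop
        $lockdownMode = [string]$accessManager.LockdownMode
        if ($lockdownMode -ne $expectedLockdown) {
            $findings += "lockdown mode is $lockdownMode"
        }
    }
    catch {
        # Disconnected or unresponsive hosts are reported, not silently skipped
        $findings += "check failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Host         = $EsxiHost.Name
        State        = $EsxiHost.ConnectionState
        LockdownMode = $lockdownMode
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings -join "; "
    }
}

# Non-compliant hosts sort first
$report | Sort-Object Compliant, Host | Format-Table -AutoSize -Wrap
```

Run the check once against the Management vCenter Server and again after connecting to the Compute vCenter Server, because `Get-VMHost` returns only the hosts of the connected instance.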