Time synchronization issues can result in serious problems with your environment. Configure the Network Time Protocol (NTP) settings on each of your ESXi hosts in the shared edge and compute clusters. To achieve greater levels of security, change the default ESX Admins group and remove a known administrative access point.


  1. In a Web browser, log in to vCenter Server by using the vSphere Client.
    Setting Value
    URL https://sfo01m01vc01.sfo01.rainpole.local/ui
    User name administrator@vsphere.local
    Password vsphere_admin_password
  2. Enable SSH.
    1. In the Hosts and Clusters inventory, expand the sfo01w02vc01.sfo01.rainpole.local tree.
    2. Select the sfo01w02esx01.sfo01.rainpole.local host.
    3. On the Configure tab, in the System section, click Services.
    4. Select SSH and click the Start button.
    5. Click the Edit startup policy button, select Start and stop with host, and click OK.
  3. Configure the NTP Daemon (ntpd) options.
    1. On the Configure tab, in the System section, click Time configuration.
    2. Click Edit.
    3. In the Edit Time Configuration dialog box, configure the settings and click OK.
      Setting Value
      Use Network Time Protocol (Enable NTP client) Selected
      NTP Servers ntp.sfo01.rainpole.local,ntp.lax01.rainpole.local
      Start NTP Service Selected
      NTP Service Startup Policy Start and stop with host
  4. Change the default ESX Admins group.
    1. On the Configure tab, in the System section, click Advanced system settings.
    2. Click Edit.
    3. In the Filter text box, enter esxAdmins.
    4. Change the value of Config.HostAgent.plugins.hostsvc.esxAdminsGroup to SDDC-Admins .
  5. Disable the SSH warning banner.
    1. In the Filter text box, enter ssh.
    2. Change the value of UserVars.SuppressShellWarning to 1 and click OK.