The Virtual Machine Communication Interface (VMCI) provides a high-speed communication channel between a virtual machine and the ESXi host that it runs on. You can also enable VMCI for communication between virtual machines that run on the same host.
This setting applies to ESXi 5.0 and earlier virtual machines. It does not apply to ESXi 5.1 and later virtual machines. In vSphere 5.1, vSphere 5.5, and later, the vmci0.unrestricted setting has no effect, because guest-to-guest VMCI communication has been permanently disabled.
If VMCI is not restricted, a virtual machine can detect and be detected by all others with the same option enabled within the same host. Custom-built software that uses this interface might have unexpected vulnerabilities that lead to an exploit. Also, a virtual machine could detect how many other virtual machines are within the same ESX/ESXi system by registering the virtual machine. This information could be used for a malicious objective. The virtual machine can be exposed to others within the system as long as at least one program is connected to the VMCI socket interface. Use the following .vmx setting to restrict VMCI:
vmci0.unrestricted = "FALSE"
Verify that the virtual machine is using hardware version 7 or later.
- In the vSphere Client inventory, right-click the virtual machine and select Edit Settings.
- On the Hardware Tab, select Show All Devices and click VMCI device.
- Select the Enable VMCI Between VMs check box.
- Click OK to save your changes.