To increase the security of your ESXi hosts, you can put them in lockdown mode.
When you enable lockdown mode, no users other than vpxuser have authentication permissions, nor can they perform operations against the host directly. Lockdown mode forces all operations to be performed through vCenter Server.
Enabling or disabling lockdown mode affects which types of users are authorized to access host services, but it does not affect the availability of those services. In other words, if the ESXi Shell, SSH, or Direct Console User Interface (DCUI) services are enabled, they will continue to run whether or not the host is in lockdown mode.
Lockdown mode is available only on ESXi hosts that you add to vCenter Server.
See the vSphere Security documentation for more information about lockdown mode.
- In the direct console, select Configure Lockdown Mode and press Enter.
- Press the spacebar to select Enable Lockdown Mode and press Enter.
- Press Enter.