Securing vCenter Server includes ensuring security of the host where vCenter Server is running, following best practices for assigning privileges and roles, and verifying the integrity of the clients that connect to vCenter Server. Hardening the vCenter Server Host Operating SystemProtect the host where vCenter Server is running against vulnerabilities and attacks by ensuring that the operating system of the host (Windows or Linux) is as secure as possible. Best Practices for vCenter Server PrivilegesStrictly control vCenter Server administrator privileges to increase security for the system. Enable Certificate Checking and Verify Host Thumbprints in the vSphere Web ClientTo prevent man-in-the-middle attacks and to fully use the security that certificates provide, certificate checking is enabled by default. You can verify that certificate checking is enabled in the vSphere Web Client. Removing Expired or Revoked Certificates and Logs from Failed InstallationsLeaving expired or revoked certificates or leaving vCenter Server installation logs for failed installation on your vCenter Server system can compromise your environment. Enable SSL Certificate Validation Over Network File CopyNetwork File Copy (NFC) provides a file-type-aware FTP service for vSphere components. ESXi uses NFC for operations such as copying and moving data between datastores by default. You can disable and reenable SSL certificate validation for NFC operations. Limiting vCenter Server Network ConnectivityFor improved security, avoid putting the vCenter Server system on any network other than the management network, and ensure that vSphere management traffic is on a restricted network. By limiting network connectivity, you limit certain types of attack.