Communications between client components and a vCenter Server system or ESXi hosts are protected by SSL-based encryption by default. Linux versions of these components do not perform certificate validation. Consider restricting the use of these clients.

Even if you have replaced the VMCA-signed certificates on the vCenter Server system and the ESXi hosts with certificates that are signed by a third party CA, certain communications with Linux clients are still vulnerable to man-in-the-middle attacks. The following components are vulnerable when they run on the Linux operating system.

  • vCLI commands

  • vSphere SDK for Perl scripts

  • Programs written using the vSphere Web Services SDK

You can relax the restriction against using Linux clients if you enforce proper controls.

  • Restrict management network access to authorized systems only.

  • Use firewalls to ensure that only authorized hosts are allowed to access vCenter Server.

  • Use jump-box systems to ensure that Linux clients are behind the jump.