The virtual machine console provides the same function for a virtual machine that a monitor provides on a physical server. Users with access to the virtual machine console have access to virtual machine power management and removable device connectivity controls. Console access might therefore allow a malicious attack on a virtual machine.

Procedure

  1. Use native remote management services, such as terminal services and SSH, to interact with virtual machines.
    Grant access to the virtual machine console only when necessary.
  2. Limit the connections to the virtual machine console.
    For example, in a highly secure environment, limit the connection to one. In some environments, you can increase the limit if several concurrent connections are necessary to accomplish normal tasks.
    1. In the vSphere Client, power off the virtual machine.
    2. Right-click the virtual machine and select Edit Settings.
    3. Click the VM Options tab, and expand VMware Remote Console Options.
    4. Enter the maximum number of sessions, for example, 2.
    5. Click OK.