You can configure the virtual machine Communication Interface firewall (VMCI) to restrict virtual machines accessing the hypervisor-based services and VMCI-based services.
You can restrict VMCI usage to a subset of VMCI-based services on each virtual machine. For example, you can allow certain virtual machines to access VMCI services and deny access to others for security reasons.
Currently, VMCI devices support guest to host communication. A virtual machine can communicate with VMCI services through the following means:
- ESXi hypervisor
- Services installed on the host operating system in the form of a vmkernel module
- Applications installed by a verified vSphere Installation Bundle
