Communications between client components and a vCenter Server system or ESXi hosts are protected by SSL-based encryption by default. Linux versions of these components do not perform certificate validation. Consider restricting the use of these clients.

To improve security, you can replace the VMCA-signed certificates on the vCenter Server system and on the ESXi hosts with certificates that are signed by an enterprise or third-party CA. However, certain communications with Linux clients might still be vulnerable to machine-in-the-middle attacks. The following components are vulnerable when they run on the Linux operating system.
  • ESXCLI commands
  • vSphere SDK for Perl scripts
  • Programs that are written using the vSphere Web Services SDK
You can relax the restriction against using Linux clients if you enforce proper controls.
  • Restrict management network access to authorized systems only.
  • Use firewalls to ensure that only authorized hosts are allowed to access vCenter Server.
  • Use bastion hosts (jump-box systems) to ensure that the Linux clients are behind the "jump."