An ESXi host includes several services that are running by default. If your company policy allows it, you can disable services from the security profile, or enable services.

Enable or Disable a Service is an example of how to enable a service.

Note: Enabling services affects the security of your host. Do not enable a service unless strictly necessary.

Available services depend on the VIBs that are installed on the ESXi host. You cannot add services without installing a VIB. Some VMware products, for example, vSphere HA, install VIBs on hosts and make services and the corresponding firewall ports available.

In a default installation, you can modify the status of the following services from the vSphere Client.

Table 1. ESXi Services in the Security Profile
Service Default Description
Direct Console UI Running The Direct Console User Interface (DCUI) service allows you to interact with an ESXi host from the local console host using text-based menus.
ESXi Shell Stopped The ESXi Shell is available from the Direct Console User Interface and includes a set of fully supported commands and a set of commands for troubleshooting and remediation. You must enable access to the ESXi Shell from the direct console of each system. You can enable access to the local ESXi Shell or access to the ESXi Shell with SSH.
SSH Stopped The host's SSH client service that allows remote connections through Secure Shell.
Load-Based Teaming Daemon Running Load-Based Teaming.
attestd Stopped vSphere Trust Authority Attestation Service.
kmxd Stopped vSphere Trust Authority Key Provider Service.
Active Directory Service Stopped When you configure ESXi for Active Directory, this service is started.
NTP Daemon Stopped Network Time Protocol daemon.
PC/SC Smart Card Daemon Stopped When you enable the host for smart card authentication, this service starts. See Configuring Smart Card Authentication for ESXi.
CIM Server Running Service that can be used by Common Information Model (CIM) applications.
SNMP Server Stopped SNMP daemon. See vSphere Monitoring and Performance for information on configuring SNMP v1, v2, and v3.
Syslog Server Stopped Syslog daemon. You can enable syslog from the Advanced System Settings in the vSphere Client. See vCenter Server Installation and Setup.
VMware vCenter Agent Running vCenter Server agent. Allows a vCenter Server to connect to an ESXi host. Specifically, vpxa is the communication conduit to the host daemon, which in turn communicates with the ESXi kernel.
X.Org Server Stopped X.Org Server. This optional feature is used internally for 3D graphics for virtual machines.