To maximize the security of your ESXi environment, follow best practices for vSphere Distributed Services Engine.

In vSphere 8.0 and later, vSphere Distributed Services Engine enables the offloading of infrastructure functions from the CPUs of a host or a server to data processing units (DPUs, also known as SmartNICs), thus freeing up CPU cycles to serve applications. For an introduction to vSphere Distributed Services Engine, see the VMware ESXi Installation and Setup documentation. For more information about vSphere Distributed Services Engine, see the Managing Host and Cluster Lifecycle documentation.

In general, treat security aspects of vSphere Distributed Services Engine as you do when securing your ESXi environment.

• The ESXi Shell interface and the SSH interface to vSphere Distributed Services Engine are deactivated by default. Keep these interfaces deactivated unless you are performing troubleshooting or support activities.
• For day-to-day management activities of vSphere Distributed Services Engine, use the vSphere Client, where activity is subject to role-based access control and modern access control methods.