Securing vCenter Server includes ensuring security of the host where vCenter Server is running, following best practices for assigning privileges and roles, and verifying the integrity of the clients that connect to vCenter Server.
What to read next
Best Practices for vCenter Server Access Control Strictly control access to different vCenter Server components to increase security for the system.
Limiting vCenter Server Network Connectivity For improved security, avoid putting the vCenter Server system on any network other than a management network, and ensure that vSphere management traffic is on a restricted network. By limiting network connectivity, you limit certain types of attack.
vCenter Server Security Best Practices Follow all best practices for securing a vCenter Server system. Additional steps help you make your vCenter Server more secure.
vCenter Password Requirements and Lockout Behavior To manage your vSphere environment, you must be aware of the vCenter Single Sign-On password policy, of vCenter Server passwords, and of lockout behavior.
Verify Thumbprints for Legacy ESXi Hosts In vSphere 6.0 and later, hosts are assigned VMCA certificates by default. If you change the certificate mode to thumbprint, you can continue to use thumbprint mode for legacy hosts. You can verify the thumbprints in the vSphere Client.
Required Ports for vCenter Server The vCenter Server system must be able to send data to every managed host and receive data from the vSphere Client. To enable migration and provisioning activities between managed hosts, the source and destination hosts must be able to receive data from each other through predetermined TCP and UDP ports.