Lets Design, Implement and do Administration of ESX3

Virtualization with VMWare Infrastructure 3.0

VMWARE -Security Model

Posted by Preetam on April 10, 2007

A few important things which I felt are important from the exam perspective have been posted here, but only in brief; for more details, please read the Server Configuration Guide. At one point I felt bored, because not much is required from the VCP Blueprint perspective.

For iSCSI, CHAP is used to secure traffic between initiators and targets. However, CHAP is enabled one way only, i.e. only the target authenticates the initiator; the initiator never authenticates the target. CHAP is enabled at the HBA level. It doesn't support per-target CHAP authentication, which would let you configure different credentials for each target for finer-grained control. ESX Server doesn't support Kerberos, Secure Remote Protocol, or public key authentication methods for iSCSI; additionally, it doesn't support IPSec or encryption.
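To make the one-way versus mutual distinction concrete, here is an added toy model of the iSCSI CHAP exchange (RFC 3720 carries the RFC 1994 CHAP computation, where the response is MD5 over the one-octet identifier, the secret and the challenge). This is constructed example code, not VMware's or any iSCSI stack's code; the `Target`, `RogueTarget` and `Initiator` classes, the IQNs and the secrets are all assumptions made up for the illustration. It shows why the ESX 3 model protects the target but leaves an initiator unable to tell a genuine target from one that simply accepts every login, and how the optional mutual leg closes that gap.

```python
"""Toy model of iSCSI CHAP: one-way (target authenticates initiator only)
versus mutual (both sides prove knowledge of a secret).
Constructed example; names, IQNs and secrets are assumptions."""
import hashlib
import hmac
import os


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP_R = MD5(CHAP_I || secret || CHAP_C); CHAP_I is a single octet."""
    return hashlib.md5(bytes([chap_id & 0xFF]) + secret + challenge).digest()


class Target:
    """Genuine iSCSI target holding one CHAP secret per initiator IQN."""

    def __init__(self, initiator_secrets: dict, target_secret: bytes = b""):
        self.initiator_secrets = dict(initiator_secrets)
        self.target_secret = target_secret  # only used for mutual CHAP

    def issue_challenge(self):
        return os.urandom(1)[0], os.urandom(16)

    def verify_initiator(self, iqn, chap_id, challenge, response) -> bool:
        secret = self.initiator_secrets.get(iqn)
        if secret is None:
            return False
        expected = chap_response(chap_id, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

    def answer_challenge(self, chap_id, challenge) -> bytes:
        # Mutual leg: the target proves it knows the shared target secret.
        return chap_response(chap_id, self.target_secret, challenge)


class RogueTarget(Target):
    """Impersonating target: knows no secrets, but accepts every login."""

    def __init__(self):
        super().__init__({}, target_secret=b"")

    def verify_initiator(self, iqn, chap_id, challenge, response) -> bool:
        return True  # pretends the initiator authenticated successfully


class Initiator:
    def __init__(self, iqn: str, secret: bytes, target_secret: bytes = b""):
        self.iqn = iqn
        self.secret = secret
        self.target_secret = target_secret  # expected from a genuine target


def one_way_login(initiator: Initiator, target: Target) -> bool:
    """ESX 3 style: only the target checks a credential."""
    chap_id, challenge = target.issue_challenge()
    response = chap_response(chap_id, initiator.secret, challenge)
    return target.verify_initiator(initiator.iqn, chap_id, challenge, response)


def mutual_login(initiator: Initiator, target: Target) -> bool:
    """Mutual CHAP: after the one-way leg, the initiator challenges the target."""
    if not one_way_login(initiator, target):
        return False
    chap_id, challenge = os.urandom(1)[0], os.urandom(16)
    answer = target.answer_challenge(chap_id, challenge)
    expected = chap_response(chap_id, initiator.target_secret, challenge)
    return hmac.compare_digest(expected, answer)


if __name__ == "__main__":
    # Constructed sample values, not real IQNs or secrets.
    iqn = "iqn.2007-04.example.lab:esx-host-1"
    genuine = Target({iqn: b"initiator-secret-12"}, target_secret=b"target-secret-12")
    rogue = RogueTarget()
    esx = Initiator(iqn, b"initiator-secret-12", target_secret=b"target-secret-12")
    print("one-way, genuine target:", one_way_login(esx, genuine))  # True
    print("one-way, rogue target:  ", one_way_login(esx, rogue))    # True: undetected
    print("mutual,  genuine target:", mutual_login(esx, genuine))   # True
    print("mutual,  rogue target:  ", mutual_login(esx, rogue))     # False: detected
```

The rogue target is the interesting row: with one-way CHAP the initiator has no step in which the target must prove anything, so a session to the wrong target looks identical to a session to the right one. That is the property to keep in mind when deciding whether isolating the iSCSI network (a dedicated vSwitch, no service console gateway on it, as noted below) is sufficient for a given deployment.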

Do not configure the default gateway for the service console on the virtual switch you use for iSCSI connectivity.

If the service console is compromised in certain ways, the virtual machines it interacts with might also be compromised. To minimize the risk of an attack through the service console, VMware protects the service console with a firewall. By default, ESX Server is installed with the high security setting.


Further to this, ESX Server and VirtualCenter use ports 8085, 8087 and 9080 to communicate internally with each other.


One Response to “VMWARE -Security Model”

  1. Jason Boche said

    Nice diagram. This is actually a timely article. Just the other day I posted an opinion on the VMware forums about some FUD that is floating around the documentation websites saying that port 905 is still being used in VI3. Your posting here confirms what I know to be true: that port 905 is NOT used in VI3, but in the previous versions (VirtualCenter 1.x).
