VMware vSphere Security Cookbook

Configuring host services

The host services work in concert with the firewall rules to enable or disable functionality on the ESXi host. For example, services provided by the vCenter agent allow a vCenter server to communicate with and manage the host.

The way host services are configured can sometimes cause trouble: we expect to be able to communicate with the host because the port is open, but an open port is usually only half of the equation. Unlike a Windows server, which has services running whether or not they are being used, an ESXi host does not run a service unless it is called or configured to run.

Getting ready

In order to proceed, we require access to the vSphere Client. The client can be run on any modern Windows desktop operating system or server operating system.

Note

vSphere Client will not run from a Windows Domain Controller.

vSphere Client can be downloaded from the link provided on the ESXi host web page or from www.vmware.com.

How to do it…

Perform the following steps:

  1. From the Configuration tab, select Security Profile.
  2. Then, select a particular service from the list; in this example, we've selected SSH (highlighted in the following screenshot), which is a common service used for troubleshooting. The status of the service is shown in the dialog box.
  3. In order to make changes to the service, select the Options… button, as shown in the following screenshot:
  4. This presents us with three options for the service:
    • Start automatically if any ports are open, and stop when all ports are closed
    • Start and stop with host
    • Start and stop manually
  5. Select the Start and stop manually option since we are only enabling the service for the purpose of remote troubleshooting by a third-party vendor.
  6. Click on OK to complete the configuration change.

How it works…

The services allow the host to receive, process, and respond to commands and data sent by the remote machine. These services work in conjunction with the firewall ports. For example, if we set the SSH server service to start manually but do not open port 22 for inbound traffic, no SSH commands will be processed.

Third-party services also appear in this list when loaded. Hardware-specific services, such as HP Smart Start, will also appear in the list and their corresponding ports will appear in the firewall's list of ports.
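
The pairing of service state and firewall port described above can be checked across an exported host inventory. The following audit is an added example, not code from the book: the `Service` record and its field names are hypothetical, the sample host state is constructed, and the policy strings are the ones the vSphere API uses for the three startup options.

```python
from dataclasses import dataclass

# The three options from the service's Options... dialog, keyed by the
# policy strings the vSphere API uses for them.
POLICIES = {
    "automatic": "Start automatically if any ports are open, "
                 "and stop when all ports are closed",
    "on": "Start and stop with host",
    "off": "Start and stop manually",
}

# Services that should only run during a troubleshooting session
# (assumption for this example: SSH only, service key "TSM-SSH").
MANUAL_ONLY = {"TSM-SSH"}

@dataclass
class Service:              # hypothetical record, one per host service
    key: str                # service identifier, e.g. "TSM-SSH"
    policy: str             # one of the POLICIES keys
    running: bool           # current service status
    port_open: bool         # is the matching firewall rule enabled?

def audit(services):
    """Return (service key, finding) pairs for risky or broken states."""
    findings = []
    for s in services:
        if s.policy not in POLICIES:
            findings.append((s.key, "unknown startup policy"))
            continue
        if s.key in MANUAL_ONLY and s.policy != "off":
            findings.append((s.key, "policy is not 'Start and stop manually'"))
        if s.key in MANUAL_ONLY and s.running:
            findings.append((s.key, "troubleshooting service left running"))
        # Both halves are needed: a running service and an open port.
        if s.running and not s.port_open:
            findings.append((s.key, "running, but firewall port is closed"))
        if s.port_open and not s.running:
            findings.append((s.key, "firewall port open, but service stopped"))
    return findings

# Constructed sample host state, not taken from a real host.
SAMPLE = [
    Service("TSM-SSH", "on", True, False),   # SSH starts with the host
    Service("vpxa", "on", True, True),       # vCenter agent, consistent
    Service("ntpd", "off", False, True),     # port open, nothing listening
]

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```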