Specifications

Administration Guide
182 VMware, Inc.
Using Your Own Security Certificates when Securing Your Remote Sessions

When using the VMware Remote Console or the VMware Management Interface over a network connection, the username, password, and network packets sent to ESX Server are encrypted in ESX Server by default when you choose Medium or High security settings for the server.

With SSL enabled, security certificates are created by ESX Server and stored on the server. However, the certificates used to secure your management interface sessions are not signed by a trusted certificate authority; they do not provide authentication. If you use encrypted remote connections externally, consider purchasing a certificate from a trusted certificate authority.

You can use your own security certificate for your SSL connections.

The VMware Management Interface certificate must be placed in /etc/vmware-mui/ssl. The management interface certificate consists of two files: the certificate itself (mui.crt) and the private key file (mui.key). The private key file should be readable only by the root user.

When you upgrade the management interface, the certificate remains in place. If you remove the management interface, the /etc/vmware-mui/ssl directory is not removed from the service console.
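
A check for the file layout described above, as an added example that is not part of the VMware guide: it verifies that mui.crt and mui.key are present and that mui.key is owned by root with no group or other permission bits. The function name audit_mui_ssl, its optional second argument (expected owner uid, for trying the check on a copy) and the directory write check are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the management interface certificate directory.
# Path and file names come from the guide; the function name and the
# second argument (expected owner uid, default 0 = root) are assumptions.

audit_mui_ssl() {
    dir=${1:-/etc/vmware-mui/ssl}
    want_uid=${2:-0}
    rc=0

    # Both halves of the certificate must be present as regular files.
    for f in mui.crt mui.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "FAIL: $dir/$f is missing or not a regular file"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    key=$dir/mui.key
    if [ -L "$key" ]; then
        echo "FAIL: $key is a symbolic link; audit the link target"
        return 1
    fi

    # ls -ldn prints e.g. "-rw------- 1 0 0 ..."; field 1 is the mode
    # string, field 3 the numeric owner uid.
    mode=$(ls -ldn "$key" | awk '{print $1}')
    uid=$(ls -ldn "$key" | awk '{print $3}')

    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key grants group/other access ($mode)"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $key is owned by uid $uid, expected $want_uid"
        rc=1
    fi

    # A directory writable by group or other lets someone replace the key.
    case $(ls -ldn "$dir" | awk '{print $1}') in
        ?????w*|????????w*)
            echo "FAIL: $dir is writable by group or other"
            rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}
```

Run it as root on the service console with no arguments to audit /etc/vmware-mui/ssl; a non-zero return status means at least one check failed.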

Default Permissions

When you create a virtual machine with VMware ESX Server, its configuration file is registered with the following default permissions, based on the user accessing it:

- Read, execute, and write: for the user who created the configuration file (the owner).
- Read and execute: for the owner's group.
- Read: for users other than the owner or a member of the owner's group.

TCP/IP Ports for Management Access

The TCP/IP ports available for management access to your ESX Server machine vary, depending on the security settings you choose for the server. To manage ESX Server machines from outside a firewall, you might need to reconfigure the firewall to allow access on the appropriate ports. The lists below show which ports are available when you use each of the standard security settings.