Installation guide
C H A P T E R 5 Using the VMware Service Console
209
itself (mui.crt) and the private key file (mui.key). The private key file should be
readable only by the root user.
When you upgrade the management interface, the certificate remains in place and, in
case you removed the management interface, the directory is not removed from the
service console.
Default Permissions
When you create a virtual machine with VMware ESX Server, its configuration file is
registered with the following default permissions, based on the user accessing it:
• Read, execute and write — for the user who created the configuration file (the
owner)
• Read and execute — for the owner’s group
• Read — for users other than the owner or a member of the owner’s group
TCP/IP Ports for Management Access
The TCP/IP ports available for management access to your ESX Server machine vary,
depending on the security settings you choose for the server. If you need to manage
ESX Server machines from outside a firewall, you may need to reconfigure the firewall
to allow access on the appropriate ports. The lists below show which ports are
available when you use each of the standard security settings.
The key ports for use of the VMware Management Interface and the VMware Remote
Console are the HTTP or HTTPS port and the port used by vmware-authd. Use of
other ports is optional.
High Security
• 443 – HTTPS, used by the VMware Management Interface
• 902 – vmware-authd, used when you connect with the remote console
• 22 – SSH, used for a secure shell connection to the service console
Medium Security
• 443 – HTTPS, used by the VMware Management Interface
• 902 – vmware-authd, used when you connect with the remote console
• 22 – SSH, used for a secure shell connection to the service console
• 23 – Telnet, used for an insecure shell connection to the service console
• 21 – FTP, used for transferring files to and from other machines