6.0.1
vSphere HA Security
vSphere HA is enhanced by several security features.
Select firewall ports opened
vSphere HA uses TCP and UDP port 8182 for agent-to-agent communication. The firewall ports open and close automatically to ensure they are open only when needed.
Configuration files protected using file system permissions
vSphere HA stores configuration information on the local storage or on ramdisk if there is no local datastore. These files are protected using file system permissions and they are accessible only to the root user. Hosts without local storage are only supported if they are managed by Auto Deploy.
Detailed logging
The location where vSphere HA places log files depends on the version of the host.
- For ESXi 5.x hosts, vSphere HA writes to syslog only by default, so logs are placed where syslog is configured to put them. The log file names for vSphere HA are prefixed with fdm (fault domain manager), which is a service of vSphere HA.
- For legacy ESXi 4.x hosts, vSphere HA writes to /var/log/vmware/fdm on local disk, as well as syslog if it is configured.
- For legacy ESX 4.x hosts, vSphere HA writes to /var/log/vmware/fdm.
Secure vSphere HA logins
vSphere HA logs on to the vSphere HA agents using a user account, vpxuser, created by vCenter Server. This account is the same account used by vCenter Server to manage the host. vCenter Server creates a random password for this account and changes the password periodically. The time period is set by the vCenter Server VirtualCenter.VimPasswordExpirationInDays setting. Users with administrative privileges on the root folder of the host can log in to the agent.
Secure communication
All communication between vCenter Server and the vSphere HA agent is done over SSL. Agent-to-agent communication also uses SSL except for election messages, which occur over UDP. Election messages are verified over SSL so that a rogue agent can prevent only the host on which the agent is running from being elected as a master host. In this case, a configuration issue for the cluster is issued so the user is aware of the problem.
Host SSL certificate verification required
vSphere HA requires that each host have a verified SSL certificate. Each host generates a self-signed certificate when it is booted for the first time. This certificate can then be regenerated or replaced with one issued by an authority. If the certificate is replaced, vSphere HA needs to be reconfigured on the host. If a host becomes disconnected from vCenter Server after its certificate is updated and the ESXi or ESX Host agent is restarted, then vSphere HA is automatically reconfigured when the host is reconnected to vCenter Server. If the disconnection does not occur because vCenter Server host SSL certificate verification is disabled at the time, verify the new certificate and reconfigure vSphere HA on the host.
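Because agent-to-agent traffic is confined to TCP and UDP port 8182 between cluster hosts, flow records can be audited for port 8182 conversations in which one endpoint is not a cluster member. The following is an added example, not part of the VMware documentation; the host addresses, the CSV flow format and the function name are constructed for illustration.

```python
import csv
import io
import ipaddress

HA_PORT = 8182  # vSphere HA agent-to-agent port (TCP and UDP), per the text above

# Constructed sample data: cluster host management IPs and exported flow records.
CLUSTER_HOSTS = {"10.0.10.11", "10.0.10.12", "10.0.10.13"}
SAMPLE_FLOWS = """\
src,dst,proto,dport
10.0.10.11,10.0.10.12,tcp,8182
10.0.10.12,10.0.10.13,udp,8182
10.0.20.55,10.0.10.11,tcp,8182
10.0.10.13,10.0.30.9,udp,8182
10.0.10.11,10.0.10.12,tcp,443
10.0.20.55,10.0.10.12,tcp,22
"""


def audit_ha_flows(flow_csv, cluster_hosts, port=HA_PORT):
    """Return (src, dst, proto, reason) for port-8182 flows that touch a
    cluster host but are not host-to-host inside the cluster."""
    members = {ipaddress.ip_address(h) for h in cluster_hosts}
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        proto = row["proto"].strip().lower()
        if int(row["dport"]) != port or proto not in ("tcp", "udp"):
            continue  # not on the HA agent port
        src = ipaddress.ip_address(row["src"].strip())
        dst = ipaddress.ip_address(row["dst"].strip())
        if src in members and dst in members:
            continue  # expected agent-to-agent traffic
        if dst in members:
            reason = "non-member source reaching HA agent port"
        elif src in members:
            reason = "cluster host sending port 8182 traffic outside cluster"
        else:
            continue  # unrelated hosts; 8182 may be used by other software
        findings.append((str(src), str(dst), proto, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_ha_flows(SAMPLE_FLOWS, CLUSTER_HOSTS):
        print(*finding, sep="  ")
```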
vSphere Availability
VMware, Inc.