6.0
Table Of Contents
- Getting Started with vSphere Command-Line Interfaces
- Contents
- About This Book
- Managing vSphere with Command-Line Interfaces
- Installing vCLI
- Running Host Management Commands in the ESXi Shell
- Running vCLI Host Management Commands
- Overview of Running vCLI Host Management Commands
- Protecting Passwords
- Authenticating Through vCenter Server and vCenter Single Sign-On
- Authenticating Directly to the Host
- Trust Relationship Requirement for ESXCLI Commands
- Common Options for vCLI Host Management Command Execution
- Using vCLI Commands in Scripts
- Running Host Management Commands from a Windows System
- Running Host Management Commands from a Linux System
- Running DCLI Commands
- Index
Getting Started with vSphere Command-Line Interfaces
26 VMware, Inc.
Lockdown Mode
ToincreasethesecurityofyourESXihosts,youcanputtheminlockdownmode.Inlockdownmode,all
operationsmustbeperformedthroughvCenterServer.Bydefault,onlythevCenterServersystem,
representedbythevpxuseruser,hasauthenticationpermissions.Nootheruserscanperformoperations
againstahostin
LockdownMode.
vSphere5.xandlatersupportsnormallockdownmode,asdiscussedinthevSphere5.xdocumentationcenter.
vSphere6.0andlatersupportsfinergrainedmanagement:
Innormallockdownmode,youcanadduserstotheDCUI.Accessadvancedoptionwhichcanaccessthe
DirectConsoleUserInterfaceregardlessoftheirprivilegesonthehost.StartingwithvSphere6.0,youcan
alsousethevSphereWebClienttoaddExceptionusers,whichcanaccesstheDirectConsoleUser
Interfaceiftheyhavehostmanagementprivileges.
Instrictlockdownmode,userscannotaccesstheDirectConsoleUserInterface.IfvCenterServerbecomes
unavailable,thehostcannolongerbemanaged.
Whenahostisinnormalorstrictlockdownmode,youcannotrunvSphereCLIcommandsagainstthehost
directly.Instead,youtargetthevCenterServersystem
thatmanagesthehostwiththe--serveroptionand
specifytheESXihostwiththe--vihostoption.
Whenyouenablestrictlockdownmode,theDirectConsoleUserInterfaceserviceisdisabled.
YoucanenablelockdownmodeusingtheAddHostwizardtoaddahosttovCenterServer,usingthe
vSphere
WebClienttomanageahost,orusingtheDirectConsoleUserInterface(DCUI).
SeethevSphereSecuritydocumentationfordetailsonLockdownModeinvSphere6.0.
Running ESXCLI Commands in the ESXi Shell
ESXCLIcommandsintheESXiShellarefullysupportedunlesstheyaremarkedasinternalintheonlinehelp.
TheESXiShellisdisabledbydefault.YoumustenabletheESXiShellbeforeyoucanruncommandsinthe
shell.See“ESXiShellAccesswiththeDirectConsole”onpage 23.
To run an ESXCLI command in the shell
1Log
intotheshell.
2Runthecommand.Forexample,tolistNASstoragedevices,runthefollowingcommand.
esxcli storage nfs list
Youcanuse--helpatanylevelofesxcliforhelponavailablenamespaces,commands,oroptions.