Increasing the Security of the Virtual Server with the Help of Lock Down Models


Generally, Lockdown Mode means that only vCenter Server can manage the hosts: no one can point a client directly at an ESXi host and bypass vCenter's permissions and auditing. This greatly strengthens the security of an organization's virtual infrastructure. Lockdown Mode has been part of vSphere for a long time, and its models have changed considerably from version 5.1 to version 6.0, each change making it more useful to the organization's security team. One thing I suggest to all virtualization engineers is to turn on Lockdown Mode at least at its lowest level, Normal.

First you need to know the terms. In vSphere 6.0 there are two Lockdown models plus a related user list:

01. Normal Lockdown
02. Strict Lockdown
03. Exception Users (accounts that keep their permissions while the host is locked down)

Lock Down:
One of the problems for virtualization administrators was that, originally, Lockdown Mode could only be turned on or off; there was no finer control. In version 5.1, only root could log in to the host console (DCUI) while Lockdown was on, so getting back in meant turning Lockdown off. From version 5.5 you could add the users of your choice to the DCUI.Access list, and those users did not need the Administrator role to enter the DCUI. From version 6.0 you can choose between Normal and Strict Lockdown according to your needs, something that was hard to achieve in the 5.x versions.

Normal Lock down:
In this model the DCUI service keeps running. If the connection between vCenter and a host is lost, you still cannot connect a client directly to that host. The way out in this scenario is that users listed in DCUI.Access (set under the host's Advanced Settings) can log in at the console of the server and change its configuration, for example to disable Lockdown or repair the vCenter connection. Keep in mind that the users in DCUI.Access should exist only for emergencies and should be the only ones able to enter the DCUI.

Strict Lock Down:
This model was added to the Lockdown options in version 6.0 and stops the DCUI service entirely. In this scenario, if the connection between vCenter and a host is lost, users can neither connect to the host remotely nor log in at its console, because the console no longer accepts logins. The only way left to take the host out of Lockdown is through SSH or the ESXi Shell, and only for accounts on the Exception Users list that hold the Administrator role. So keep in mind that if you turn on this model, keep the SSH or ESXi Shell service running, with such an exception user defined, until you are sure the connection between vCenter and the hosts is stable.

The most important question is this: if the connection between vCenter and a host is cut and you have not turned on SSH or the ESXi Shell, what happens? How do you get the host back? There is no way other than reinstalling ESXi.

How to turn on Lock Down:
To implement Lockdown Mode, follow the steps below. You can do this in three ways:

The first method: 
When you add a host to vCenter, the Add Host wizard has a Lockdown Mode page where you can turn it on and choose the model.



The second method:
Select your host, open Manage, go to the Settings tab and click Security Profile. Scroll down to Lockdown Mode and click Edit to turn it on or off and choose the model.


Third method:
You can also change this setting from the DCUI, under System Customization > Configure Lockdown Mode. Note that only Normal Lockdown can be enabled or disabled from the DCUI; Strict Lockdown must be set through vCenter.
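As an added example (not from the original post), here is the same configuration done from PowerCLI, which is how most practitioners would do it across many hosts. It covers the DCUI.Access list and Exception Users described under Normal and Strict Lockdown above as well as enabling the mode itself, and it adds the check the Strict Lockdown warning calls for: it refuses to enter Strict Lockdown unless an exception user exists and SSH or the ESXi Shell is running. The vCenter name vcsa.example.local, the host name esxi01.example.local and the emergencyadmin account are assumptions; Test-StrictLockdownSafe is a helper written for this example, not a PowerCLI cmdlet.

```powershell
# Added example, not code from the original post.
# Assumed names (not in the original): vcsa.example.local, esxi01.example.local,
# and an account "emergencyadmin" that already holds the Administrator role on the host.
Connect-VIServer -Server vcsa.example.local | Out-Null

$vmhost = Get-VMHost -Name esxi01.example.local

# HostAccessManager is the vSphere 6.0 API object that owns lockdown mode and the
# Exception Users list; reach it through the host's ConfigManager.
$ham = Get-View $vmhost.ExtensionData.ConfigManager.HostAccessManager

# 1. Emergency console access for Normal Lockdown: users in DCUI.Access can log in to
#    the DCUI while the host is locked down. Keep it to root plus one break-glass account.
Get-AdvancedSetting -Entity $vmhost -Name DCUI.Access |
    Set-AdvancedSetting -Value 'root,emergencyadmin' -Confirm:$false | Out-Null

# 2. Exception Users keep their permissions under lockdown; only those with the
#    Administrator role can use SSH or the ESXi Shell, and only if those services run.
$ham.UpdateLockdownExceptions(@('emergencyadmin'))

# Helper (this example's own): Strict Lockdown stops the DCUI, so there must be an
# out-of-band path before entering it: at least one exception user AND a running
# ESXi Shell (service key TSM) or SSH (service key TSM-SSH).
function Test-StrictLockdownSafe {
    param($VMHost, $AccessManager)
    $exceptions = @($AccessManager.QueryLockdownExceptions())
    $shells = @(Get-VMHostService -VMHost $VMHost |
        Where-Object { ($_.Key -in @('TSM', 'TSM-SSH')) -and $_.Running })
    return ($exceptions.Count -gt 0) -and ($shells.Count -gt 0)
}

# 3. Choose the model. Set $wantStrict to $true only after reading the warning
#    about losing the host when the vCenter connection drops.
$wantStrict = $false
if ($wantStrict) {
    if (Test-StrictLockdownSafe -VMHost $vmhost -AccessManager $ham) {
        $ham.ChangeLockdownMode('lockdownStrict')
    } else {
        Write-Warning 'No exception user or no running shell service: using Normal Lockdown instead of Strict.'
        $ham.ChangeLockdownMode('lockdownNormal')
    }
} else {
    $ham.ChangeLockdownMode('lockdownNormal')
}

# 4. Verify: re-read the object; LockdownMode is now lockdownNormal or lockdownStrict.
$ham.UpdateViewData('LockdownMode')
'{0}: lockdown mode = {1}, exception users = {2}' -f $vmhost.Name, $ham.LockdownMode,
    (@($ham.QueryLockdownExceptions()) -join ',')

Disconnect-VIServer -Server vcsa.example.local -Confirm:$false
```

To take a host back out of Lockdown from the same session, call $ham.ChangeLockdownMode('lockdownDisabled'). The script does not grant the Administrator role to the exception account; assign that permission on the host first, otherwise the account will be able to open SSH but not manage the host.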




Abd El-Rahman Oreiby
Senior Data Center Engineer
Al Thuraya Security Egypt 
www.abdelrahmanoreiby.weebly.com
Reviewed by Abd El-Rahman Oreiby on 6/23/2020 07:52 PM
