Configuring an ESXi Host

You use the Direct Console User Interface (DCUI) to configure certain settings for ESXi hosts. The DCUI is a low-level configuration and management interface, accessible through the console of the server, that is used primarily for initial basic configuration. You press F2 to start customizing system settings.

Configuring an ESXi Host: Root Access

The administrative user name for the ESXi host is root. The root password must be configured
during the ESXi installation process.

Configuring an ESXi Host: Management Network

You must set up your IP address before your ESXi host is operational. By default, a DHCP-assigned
address is configured for the ESXi host. To change or configure basic network settings,
you use the DCUI.
In addition to changing IP settings, you perform the following tasks from the DCUI:
· Configure VLAN settings.
· Configure IPv6 addressing.
· Set custom DNS suffixes.
· Restart the management network (without rebooting the system).
· Test the management network (using ping and DNS requests).
· Disable a management network.

Configuring an ESXi Host: Other Settings

From the DCUI, you can change the keyboard layout, view support information, such as the host’s
license serial number, and view system logs. The default keyboard layout is U.S. English.
You can use the troubleshooting options, which are disabled by default, to enable or disable
troubleshooting services:
· vSphere ESXi Shell: For troubleshooting issues locally
· SSH: For troubleshooting issues remotely by using an SSH client, for example, PuTTY
The best practice is to keep troubleshooting services disabled until they are necessary, for
example, when you are working with VMware technical support to resolve a problem.
By selecting the Reset System Configuration option, you can reset the system configuration to its
software defaults and remove custom extensions or packages that you added to the host.

Controlling Remote Access to an ESXi Host

An ESXi host includes a firewall as part of the default installation. On ESXi hosts, remote clients
are typically prevented from accessing services on the host. Similarly, local clients are typically
prevented from accessing services on remote hosts.
To ensure the integrity of the host, few ports are open by default. To provide or prevent access to
certain services or clients, you must modify the properties of the firewall.
You can configure firewall settings for incoming and outgoing connections for a service or a
management agent. For some services, you can manage service details.
For example, you can use the Start, Stop, or Restart buttons to change the status of a service
temporarily. Alternatively, you can change the startup policy so that the service starts with the host
or with port use. For some services, you can explicitly specify IP addresses from which
connections are allowed.
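
One way to check which services are reachable without a source restriction is to audit the firewall rulesets from saved command output. The following is an added example, not part of the original page and not VMware code: it joins the output of the two esxcli commands named in its comments and reports rulesets that are enabled while accepting connections from all addresses. The table layout, the ruleset names, and the sample data are assumptions constructed for illustration.

```python
# Added example (not VMware code): audit captured ESXi firewall output for
# rulesets that are enabled but accept connections from any address.
# Assumption: the inputs are the text tables printed by
#   esxcli network firewall ruleset list
#   esxcli network firewall ruleset allowedip list
# Both sample tables below are constructed, not taken from a real host.
RULESET_LIST = """\
Name                      Enabled
------------------------  -------
sshServer                    true
sshClient                   false
nfsClient                    true
vSphereClient                true
"""
ALLOWED_IP_LIST = """\
Ruleset                   Allowed IP Addresses
------------------------  --------------------
sshServer                 All
sshClient                 All
nfsClient                 192.0.2.10, 192.0.2.11
vSphereClient             All
"""

def _rows(table):
    """Yield (name, rest_of_line) per data row, skipping header and rule."""
    lines = [line for line in table.splitlines() if line.strip()]
    for line in lines[2:]:
        name, _, rest = line.strip().partition(" ")
        yield name, rest.strip()

def parse_enabled(table):
    """Map ruleset name to True/False; extra trailing columns are ignored."""
    return {n: v.split()[0].lower() == "true" for n, v in _rows(table) if v}

def parse_allowed(table):
    """Map ruleset name to its allowed-IP list, or None when it reads All."""
    return {n: None if v == "All" else [ip.strip() for ip in v.split(",")]
            for n, v in _rows(table)}

def open_to_all(ruleset_table, allowed_table):
    """Return sorted names of enabled rulesets with no source restriction."""
    enabled = parse_enabled(ruleset_table)
    allowed = parse_allowed(allowed_table)
    # A ruleset absent from the allowed-IP table is treated as unrestricted.
    return sorted(n for n, on in enabled.items() if on and allowed.get(n) is None)

if __name__ == "__main__":
    for name in open_to_all(RULESET_LIST, ALLOWED_IP_LIST):
        print(f"{name}: enabled and reachable from any address")
```

Each ruleset the script reports is a candidate for either disabling or restricting to specific IP addresses in the firewall properties.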

Managing User Accounts: Best Practices

On an ESXi host, the root user account is the most powerful user account on the system. The user
root can access all files and all commands. Securing this account is the most important step that
you can take to secure an ESXi host.
Whenever possible, use the vSphere Client to log in to the vCenter Server system and manage
your ESXi hosts. In some unusual circumstances, for example, when the vCenter Server system is
down, you use VMware Host Client to connect directly to the ESXi host.
Although you can log in to your ESXi host through the vSphere CLI or through vSphere ESXi
Shell, these access methods should be reserved for troubleshooting or configuration that cannot be
accomplished by using VMware Host Client.
If a host must be managed directly, avoid creating local users on the host. If possible, join the host
to a Windows domain and log in with domain credentials instead.

ESXi Host as an NTP Client

Network Time Protocol (NTP) is an Internet standard protocol that is used to synchronize
computer clock times in a network. The benefits of synchronizing an ESXi host’s time include:
· Performance data can be displayed and interpreted properly.
· Accurate time stamps appear in log messages, which make audit logs meaningful.
· VMs can synchronize their time with the ESXi host. Time synchronization is beneficial to
applications, such as database applications, running on VMs.
NTP is a client-server protocol. When you configure the ESXi host to be an NTP client, the host
synchronizes its time with an NTP server, which can be a server on the Internet or your corporate
NTP server.