Contents
Previous Next
Securing Your Remote Sessions
The username, password and network packets sent to the GSX Server host over a network connection when using the VMware Virtual Machine Console or the VMware Management Interface are encrypted in GSX Server by default. As the Administrator user (Windows hosts) or root user (Linux hosts), you can disable Secure Sockets Layer (SSL) if you do not want to encrypt these sessions.
With SSL enabled, GSX Server creates security certificates and stores them on your host. However, the certificates used to secure your VMware Management Interface sessions are not signed by a trusted certificate authority; therefore they do not provide authentication. If you intend to use encrypted remote connections externally, you should consider purchasing a certificate from a trusted certificate authority.
With SSL enabled, the console and management interface perform exactly as they do when SSL is disabled.
When SSL is enabled for the VMware Virtual Machine Console, a lock icon appears in the lower right corner of the console window. Any consoles that are already open at the time SSL is enabled do not become encrypted, and the lock icon does not appear in these console windows. You must close these consoles and start new console sessions to ensure encryption.
When SSL is enabled for the VMware Management Interface, the URL to connect to the management interface is https://<hostname>:8333. The management interface automatically redirects users to this URL if they use the insecure URL (http://<hostname>:8222) to connect. A lock icon appears in the status bar of the browser window.
If you disable SSL, users are automatically redirected to http://<hostname>:8222 if they use https://<hostname>:8333 to connect to the management interface.
Note: If SSL is disabled then enabled again, any new management interface connections to the non-secure port (8222) are not redirected.
Using Your Own Security Certificates
If you prefer, you can use your own security certificate when you enable SSL.
On a Windows host, run the Microsoft Management Console (mmc.exe) and select your certificate. When you upgrade the VMware Management Interface on a GSX Server for Windows host, you need to reassign your certificate to the management interface.
On a Linux host, the VMware Management Interface certificate must be placed in /etc/vmware-mui/ssl. The management interface certificate consists of two files: the certificate itself (mui.crt) and the private key file (mui.key). The private key file should be readable only by the root user.
When you upgrade the VMware Management Interface on a Linux host, the certificate remains in place and, in case you removed the management interface, the directory is not removed from your host.
Enabling and Disabling SSL for Remote Sessions
You enable and disable SSL for VMware Virtual Machine Console connections in the console or the management interface. You enable SSL for VMware Management Interface connections in the management interface. By default, SSL is enabled for all remote connections.
Remember that the certificates used in these secure sessions are not signed by a trusted certificate authority; therefore they do not provide authentication. If you intend to use encrypted remote connections externally, you should consider purchasing a certificate from a trusted certificate authority.