Virtualization Pro

Jul 22 2009   2:26PM GMT

VMware ESX Web access in vSphere

Eric Siebert Eric Siebert Profile: Eric Siebert

With VMware Infrastructure 3, Web access was enabled by default. VMware chose to disable it in vSphere for security purposes. If you access an ESX 4 host with a Web browser you will see the default welcome page but if you click the log-in link you will get a 503 Service Unavailable error message.

This only affects ESX hosts (VMware vCenter Server has this enabled by default; ESXi does not have a Web access user interface (UI) to manage the host and virtual machines).

There is a tech note that describes the process for enabling this feature in ESX 4.0, but before you go ahead and do this you should ask yourself if you really need this feature enabled on all your hosts. VMware disabled this feature for a reason — Web based access methods are inherently insecure and are subject to numerous vulnerabilities that could potentially compromise your VMs and hosts.

The Web admin UI is very limited as you can only administer guest VMs and not host servers. Leaving it disabled removes a potential attack vector for your ESX hosts and makes them more secure. This is also true of other configuration settings that are disabled by default in ESX such as root access using SSH.

The first thing many administrators do is enable this because it is easier than setting up another user account and using su or sudo. So resist the urge to enable web access and utilize the vSphere client instead. If you must use web access for a specific reason only enable it on the hosts that need it. If you are using a vCenter Server use the web access on vCenter instead and use the roles and permissions built into it for additional security. By leaving vSphere web access disabled you are helping to make your ESX hosts and your whole virtual environment more secure.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: