23 of 128

comments

Media

DCUI-SSH.mp4
7.53MB
This video will show you an new vSphere 5 feature which enables you to get access to the Direct Console User Interface (DCUI) through SSH instead of the ESXi physical console. Only users that are assigned the Administrator role can log in to the Direct Console User Interface (DCUI). To allow access to the direct console, add the user to the local administrators group. Enabling or disabling lockdown mode affects which types of users are authorized to access host services, but it does not affect the availability of those services. In other words, if the ESXi Shell, SSH, or Direct Console User Interface (DCUI) services are enabled, they will continue to run whether or not the host is in lockdown mode.

Configure Lockdown Mode

To increase the security of your ESXi hosts, you can put them in lockdown mode. When you enable lockdown mode, no users other than vpxuser have authentication permissions, nor can they perform operations against the host directly. Lockdown mode forces all operations to be performed through vCenter Server.

When a host is in lockdown mode, you cannot run vSphere CLI commands from an administration server,vfrom a script, or from vMA against the host. External software or management tools might not be able to retrieve or modify information from the ESXi host.



The root user is still authorized to log in to the direct console user interface when lockdown mode is enabled. Enabling or disabling lockdown mode affects which types of users are authorized to access host services, but it does not affect the availability of those services. In other words, if the ESXi Shell, SSH, or Direct Console User Interface (DCUI) services are enabled, they will continue to run whether or not the host is in lockdown mode.