VMware vSphere 5.0 Evaluation Guide – Volume One
group called “Company X” on vSwitch0 for each host in the cluster “DemoCluster-01”:
Get-Cluster DemoCluster-01 | Get-VMHost | Get-VirtualSwitch -Name vSwitch0 | New-VirtualPortGroup "Company X" -VLanId 200
vSphere PowerCLI Summary
In conclusion, you can see that vSphere PowerCLI is a robust command-line tool for automating all aspects of
vSphere management, including host, network, storage, virtual machine, and guest OS management. It can be
used with other PowerShell snap-ins provided by Microsoft or third-party companies to integrate VMware
technologies easily into other products and reach inside the guest OS.
The design of PowerShell and, inherently, vSphere PowerCLI, makes this scripting language easier to learn than
many scripting languages before it. Complex configurations and reporting can be achieved with minimal effort
from the administrator, safe in the knowledge of a repeatable, error-free solution.
Evaluating the ESXi Firewall
Introduction
The ESXi 5.0 management interface is protected by a service-oriented and stateless firewall, which you can
configure using the vSphere Client or at the command line with esxcli interfaces. A new firewall engine
eliminates the use of iptables, and rule sets define port rules for each service. For remote hosts, you can specify
the IP addresses or range of IP addresses that are allowed to access each service.
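The esxcli side of this configuration, as an added example that is not part of the original guide: the script
below flags rule sets that are enabled and accept connections from any IP address. The sample tables are
constructed to resemble the output of the two esxcli list commands named in the comments, and the function names
are illustrative.

```sh
#!/bin/sh
# Constructed sample, laid out like: esxcli network firewall ruleset list
sample_rulesets() {
cat <<'EOF'
Name         Enabled
-----------  -------
sshServer       true
sshClient      false
nfsClient       true
EOF
}

# Constructed sample, laid out like: esxcli network firewall ruleset allowedip list
sample_allowedip() {
cat <<'EOF'
Ruleset      Allowed IP Addresses
-----------  --------------------
sshServer    All
sshClient    All
nfsClient    192.168.10.0/24
EOF
}

# open_rulesets RULESET_LIST ALLOWEDIP_LIST
# Prints each rule set that is enabled and whose allowed-IP list is "All".
open_rulesets() {
    awk '
        FNR <= 2  { next }                                  # header and separator rows
        NR == FNR { if ($2 == "true") enabled[$1] = 1; next }   # first file: enabled flags
        ($1 in enabled) && $2 == "All" { print $1 }         # second file: unrestricted
    ' "$1" "$2"
}

# Run the check against the constructed samples above.
audit_sample() {
    dir=$(mktemp -d) || return 1
    sample_rulesets  > "$dir/rulesets"
    sample_allowedip > "$dir/allowedip"
    open_rulesets "$dir/rulesets" "$dir/allowedip"
    rm -rf "$dir"
}

audit_sample

# On a host, a flagged rule set can be limited to a management network
# (the address range here is a placeholder):
#   esxcli network firewall ruleset set --ruleset-id=sshServer --allowed-all=false
#   esxcli network firewall ruleset allowedip add --ruleset-id=sshServer --ip-address=192.168.10.0/24
```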
Evaluation Overview
In this exercise, you will configure the ESXi firewall to allow or deny SSH service to the host. SSH is a service that
can be enabled or stopped on an ESXi host. As part of this exercise, you will stop and start the SSH service, and also
configure firewall rules. ESXi firewall configuration can be done through the vSphere Client interface and
through the vCLI. In this example environment, you will configure the firewall rules through the vSphere Client UI.
Prerequisites
The evaluation environment consists of the following components:
1. Three ESXi hosts
2. Virtual machines running on hosts
3. Each virtual machine has a software tool installed:
   a. PuTTY
Stopping SSH Service to Prevent Access
The SSH service provides a secure shell to manage the ESXi host. By default, this service is enabled. To stop this
service, follow these steps:
1. Select the Home > Inventory > Hosts and Clusters view.
2. Choose the host tm-pod01-esx01.tmsb.local in the left panel, and select the Configuration tab on the right.
3. To see the firewall and services settings, select Security Profile under the Software section. Figure 110
shows the current Security Profile of the selected ESXi host. You can see that the SSH service is enabled
and the current firewall settings allow access to the SSH server on TCP port 22.