Securing your remote sessions – VMware GSX 3 User Manual

C H A P T E R 4 Managing Virtual Machines and the VMware GSX Server Host

121

Checking Permissions in the VMware Management Interface

The VMware Management Interface lists the permissions you have for each
configuration file on the host machine to which you are connected. The permissions
appear on the Users and Events page for each virtual machine. For more information,
see

Viewing a List of Connected Users on page 145

.

Only virtual machines for which you have read access are visible to you in the VMware
Management Interface.

Securing Your Remote Sessions

The username, password and network packets sent to the GSX Server host over a
network connection when using the VMware Virtual Machine Console or the VMware
Management Interface are encrypted in GSX Server by default. As the Administrator
user (Windows hosts) or root user (Linux hosts), you can disable Secure Sockets Layer
(SSL) if you do not want to encrypt these sessions.

With SSL enabled, GSX Server creates security certificates and stores them on your
host. However, the certificates used to secure your VMware Management Interface
sessions are not signed by a trusted certificate authority; therefore they do not
provide authentication. If you intend to use encrypted remote connections externally,
you should consider purchasing a certificate from a trusted certificate authority.

With SSL enabled, the console and management interface perform exactly as they do
when SSL is disabled.

When SSL is enabled for the VMware Virtual Machine Console, a lock icon appears in
the lower right corner of the console window. Any consoles that are already open at
the time SSL is enabled do not become encrypted, and the lock icon does not appear
in these console windows. You must close these consoles and start new console
sessions to ensure encryption.

When SSL is enabled for the VMware Management Interface, the URL to connect to
the management interface is https://<hostname>:8333. The management
interface automatically redirects users to this URL if they use the insecure URL
(http://<hostname>:8222) to connect. A lock icon appears in the status bar of
the browser window.

If you disable SSL, users are automatically redirected to

http://<hostname>:8222

if they use https://<hostname>:8333 to

connect to the management interface.

Note: If SSL is disabled then enabled again, any new management interface
connections to the non-secure port (8222) are not redirected.