As I learn more about information security, I keep finding more general best practices that must be implemented on a local ESXi host.
Again, a very large amount of necessary security documentation is missing from VMware. One critical piece that was missing is, of course, user management. To begin, I came across the need for a read-only user on a local ESXi 6.5 server that is not connected to vSphere.
Creating a new local user is well documented by VMware; however, I’ll summarize it again here.
- Log into the ESXi Host.
- Under “Navigator” go to “Manage”.
- Now go to “Security & users” tab under the menu at the top of the screen.
- On the side menu, go to “Users”.
- Click “Add User”, and complete the dialog box that is displayed.
- The dialog box asks for user name, a description, and password.
- However, it is important to note that this does not set a role or permissions, as one would expect it to!
Now that the user has been created, its default permissions are null. You have to manually add roles and permissions to the new user. Assigning a role and permissions to the user is a really easy process.
- Log in to your ESXi Host.
- On the home page, click “Actions”.
- Then click “Permissions”.
- Within this new menu, click “Add User”, which is at the top of the dialog box that appears.
- Select a user from the drop-down menu which says “Select User”.
- Under “Select a Role” you can choose from a pre-made template or manually assign permissions to the user account.
It really is that simple! You would imagine that VMware would be able to document such a simple process in the new ESXi 6.5, but despite searches on YouTube and Google, I had no such luck. Hopefully this quick guide will assist someone.
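The same two steps can also be scripted from the ESXi Shell. The following is an added example, not part of the original post or of VMware's documentation: it creates the account, assigns the built-in `ReadOnly` role as a separate step, and then checks that the host really reports that role. The function names are hypothetical, and the parsing assumes the default table layout of `esxcli system permission list`.

```shell
#!/bin/sh
# Added example (not from the original post): scripted form of the two GUI
# procedures above, for the ESXi Shell or an SSH session as an administrator.
# Usage: add_readonly_user NAME "DESCRIPTION" < file-containing-password

# Print the role assigned to a principal; prints nothing if it has none.
# Assumption: default table output of `esxcli system permission list`,
# whose data rows are: Principal, Is Group, Role, Role Description.
role_of() {
    esxcli system permission list | awk -v u="$1" '$1 == u { print $3 }'
}

add_readonly_user() {
    user=$1
    desc=$2
    if [ -z "$user" ]; then
        echo "usage: add_readonly_user NAME DESCRIPTION < password" >&2
        return 2
    fi
    # Read the password from stdin so it is not typed into shell history.
    IFS= read -r pw || :
    if [ -z "$pw" ]; then
        echo "empty password on stdin" >&2
        return 2
    fi

    # Step 1: create the account. At this point it has no role at all.
    esxcli system account add -i "$user" -p "$pw" -c "$pw" -d "$desc" || return 1

    # Step 2: the separate permission assignment the post warns about.
    esxcli system permission set -i "$user" -r ReadOnly || return 1

    # Step 3: fail unless the host now reports exactly ReadOnly.
    got=$(role_of "$user")
    if [ "$got" != "ReadOnly" ]; then
        echo "$user has role '${got:-none}', expected ReadOnly" >&2
        return 1
    fi
    echo "$user: $got"
}
```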