• Skip to primary navigation
  • Skip to main content

frankdenneman.nl

  • AI/ML
  • NUMA
  • About Me
  • Privacy Policy

Disallowing multiple vm console sessions

November 30, 2010 by frankdenneman

Currently I’m involved in a high-secure virtual infrastructure design and we are required to reduce the number of entry points to the virtual infrastructure. One of the requirements is to allow only a single session to the virtual machine console. Due to the increasing awareness \ demand of security in virtual infrastructure more organizations might want to apply this security setting.
1. Turn of the virtual machine.
2. Open Configuration parameters of the VM to edit the advanced configuration settings
3. Add Remote.Display.maxConnections with a value of 1
4. Power on virtual machine
Update: Arne Fokkema created a Power-CLI function to automate configuring this setting throughout your virtual infrastructure. You can find the power-cli function on ICT-freak.nl.

Filed Under: VMware Tagged With: restrict VM console, Security

Comments

  1. Ray says

    November 30, 2010 at 4:43 pm

    Why not setting it to “0” and dictate that remote connections are only allowed through RDP?

  2. Jason Boche says

    November 30, 2010 at 4:45 pm

    You might like this too http://www.boche.net/blog/index.php/2010/06/23/disable-copy-and-paste-for-a-vm/

  3. Hugo Strydom says

    November 30, 2010 at 7:28 pm

    @Jason
    This is by default in v4.1 disabled. You can look at KB : 1026437. Thus no need to specify it anymore.

  4. Elvedin Trnjanin says

    November 30, 2010 at 7:49 pm

    Additional security information can be found in the “VMware vSphere 4.0 Security Hardening Guide” ( http://www.vmware.com/resources/techresources/10109 ) and should be a good read for everyone

  5. Greg says

    November 30, 2010 at 9:26 pm

    So the obvious question is how do I enabled this for each VM, a cluster, dc etc. Looks like Arne Fokkema is frist watch tonight http://ict-freak.nl/2010/11/30/powercli-re-disallowing-multiple-vm-console-sessions/ – nice work all

  6. LucD says

    November 30, 2010 at 9:42 pm

    My Security – Hardening – Part 1 – Virtual Machines post shows one way to apply these recommendations.

  7. Alastair Cooke says

    February 3, 2011 at 10:44 pm

    Hi Frank,
    First off great blog, I always have to set aside some time to re-read your longer posts to get and understand all the information.
    A correction for this post, the advanced setting is “RemoteDisplay.maxConnections”
    You have a dot between Remote and Display which doesn’t work on my 4.1 environment and might cause me issues when I redo my VCAP-DCA exam.

  8. Kiwi says

    August 16, 2011 at 3:50 pm

    Thanks Alastair, without the point between “Remote” and “Display” it also works in our 4.1 environment.

  9. Drew says

    January 19, 2012 at 8:17 pm

    is there a way to kick a user out of a console session if he has left it open?

Copyright © 2025 · SquareOne Theme on Genesis Framework · WordPress · Log in