Transmitting data over insecure connections presents a security risk because malicious users might be able to capture and read data as it travels through the network. As a safeguard, network components commonly encrypt the data so that it cannot be easily read.

To encrypt data, the sending component, such as a gateway or redirector, applies algorithms, or ciphers, to alter the data before transmitting it. The receiving component uses a key to decrypt the data, returning it to its original form. Several ciphers are in use, and the level of security that each provides differs. One measure of a cipher’s ability to protect data is its cipher strength—the number of bits in the encryption key. For a given cipher, the larger the number, the more secure the cipher.

To ensure the protection of the data transmitted to and from external network connections, ESX uses one of the strongest block ciphers available—256-bit AES. ESX also uses 1024-bit RSA for key exchange. These encryption algorithms are the default for the following connections:

vSphere Client connections to vCenter Server and to the ESX host through the service console.

vSphere Web Access connections to the ESX host through the service console.

Note

Because the cipher used by vSphere Web Access is negotiated by the Web browser you are using, this management tool might use other ciphers.

SDK connections to vCenter Server and to ESX.

Service console connections to virtual machines through the VMkernel.

SSH connections to the ESX host through the service console.
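The defaults above are only defaults, and the note on vSphere Web Access shows that the client can end up on a different cipher. The following check, added here and not part of the VMware documentation, reports which cipher a management connection actually negotiated and flags anything weaker than the AES-256 / RSA defaults described above. The host name and port are placeholders; it uses only the Python standard library.

```python
import socket
import ssl

# Policy taken from the page: AES as the bulk cipher with a 256-bit key.
MIN_SYMMETRIC_BITS = 256


def key_exchange(name):
    """Classify the key exchange from an OpenSSL cipher-suite name.

    OpenSSL omits the prefix for plain RSA key transport (e.g. AES256-SHA),
    which is the 1024-bit RSA key exchange the page describes as the default.
    """
    n = name.upper()
    if n.startswith("TLS_"):          # TLS 1.3 suite names: key exchange is always ephemeral
        return "ECDHE"
    if n.startswith("ECDHE-"):
        return "ECDHE"
    if n.startswith(("DHE-", "EDH-")):
        return "DHE"
    return "RSA"


def evaluate_cipher(cipher):
    """Return a list of findings for the (name, protocol, secret_bits) tuple
    that ssl.SSLSocket.cipher() returns; an empty list means the connection
    matches the AES-256 policy."""
    name, protocol, bits = cipher
    findings = []
    if "AES" not in name.upper():
        findings.append("bulk cipher is not AES: %s" % name)
    if bits is None or bits < MIN_SYMMETRIC_BITS:
        findings.append("symmetric key is %s bits, expected >= %d" % (bits, MIN_SYMMETRIC_BITS))
    if protocol.startswith("SSLv"):
        findings.append("legacy protocol negotiated: %s" % protocol)
    return findings


def negotiated_cipher(host, port=443, timeout=5.0):
    """Open a TLS session to a management endpoint and return its cipher tuple.
    Certificate validation is deliberately left out here because this function
    only inspects the cipher; verify the certificate chain in a separate check."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.cipher()


if __name__ == "__main__":
    cipher = negotiated_cipher("esx-host.example.invalid")   # placeholder host name
    print(cipher, key_exchange(cipher[0]), evaluate_cipher(cipher) or "matches AES-256 policy")
```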