Understanding potential security risks helps you set up your environment in a secure manner.

Secure your network as you would for any other PXE-based deployment method. Auto Deploy transfers data over SSL to prevent casual interference and snooping. However, the authenticity of the client or of the Auto Deploy server is not checked during a PXE boot.

The boot image that the Auto Deploy server downloads to a machine can have the following components.

The VIB packages that the image profile consists of are always included in the boot image.

The host profile and answer file are included in the boot image if Auto Deploy rules are set up to provision the host with a host profile or answer file.

The administrator (root) password and user passwords that are included with host profile and answer files are MD5 hashed.

Any other passwords associated with profiles are in the clear. If you set up Active Directory by using host profiles, the passwords are not protected.

Use the vSphere Authentication Service for setting up Active Directory to avoid exposing the Active Directory passwords.

The host's public and private SSL key and certificate are included in the boot image.

The files that contain the host profile and answer file information are stored on disk in an obfuscated form. The files can be retrieved only as part of the waiter.tgz file that is generated for each host. The raw files are not accessible through the web server. However, malicious code can pretend to be a particular host and download a host's waiter.tgz file. The information in the waiter.tgz file can then be used to compromise the ESXi host.

You can greatly reduce the security risk of Auto Deploy by completely isolating the network where Auto Deploy is used.
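To see what a captured boot bundle would expose, the following added example (not VMware code) scans a gzip-compressed tar archive for the three kinds of secret listed above: private keys, MD5 password hashes, and cleartext password fields. The archive layout, file names and `password` field syntax are constructed assumptions and do not reflect the real waiter.tgz layout.

```python
import io
import re
import tarfile

# Patterns for the three kinds of secret the page says a boot image can carry.
PEM_KEY = re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")
MD5_CRYPT = re.compile(rb"\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")
# Hypothetical key=value syntax; real host profile fields may be named differently.
PASSWORD_FIELD = re.compile(rb"(?i)password\s*[=:]\s*[\"']?([^\s\"'<]+)")


def scan_bundle(data: bytes) -> list[tuple[str, str]]:
    """Return sorted (member name, finding) pairs for an in-memory .tgz archive."""
    findings = set()
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            body = tar.extractfile(member).read()
            if PEM_KEY.search(body):
                findings.add((member.name, "private-key"))
            if MD5_CRYPT.search(body):
                findings.add((member.name, "md5-crypt-hash"))
            for m in PASSWORD_FIELD.finditer(body):
                if not m.group(1).startswith(b"$1$"):  # hashed values are reported above
                    findings.add((member.name, "cleartext-password"))
    return sorted(findings)


def build_sample() -> bytes:
    """Constructed sample archive; names and contents are invented for the example."""
    files = {
        "etc/ssl/host.key": b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
        "profile/users.conf": b"root.password = $1$abcdefgh$" + b"A" * 22 + b"\n",
        "profile/directory.conf": b"domain = example.test\njoin.password = Constructed-Secret-1\n",
        "vibs/base.txt": b"no secrets here\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    for name, finding in scan_bundle(build_sample()):
        print(f"{finding:20} {name}")
```

Any finding is a reason to treat the archive, and the network segment it crosses, as carrying host credentials.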