You can enable or disable remote and local access to the ESXi Shell to create different lockdown mode configurations.

The following table lists which services are enabled for three typical configurations.

Caution

If you lose access to vCenter Server while running in Total Lockdown Mode, you must reinstall ESXi to gain access to the host.

Lockdown Mode Configurations

Service

Default Configuration

Recommended Configuration

Total Lockdown Configuration

Lockdown

Off

On

On

ESXi Shell

Off

Off

Off

SSH

Off

Off

Off

Direct Console UI (DCUI)

On

On

Off