To best protect your environment, be aware of security risks that might exist when you use Auto Deploy with host profiles.

In most cases, administrators set up Auto Deploy to provision target hosts not only with an image, but also with a host profile. The host profile includes configuration information such as authentication or network settings. Host profiles can be set up to prompt the user for input on first boot. The user input is stored in an answer file. The host profile and answer file (if applicable) are included in the boot image that Auto Deploy downloads to a machine.

The administrator (root) password and user passwords that are included with the host profile and answer file are MD5-encrypted. Any other passwords associated with host profiles are in the clear.

Use the vSphere Authentication Service to set up Active Directory to avoid exposing the Active Directory password. If you set up Active Directory using host profiles, the passwords are not protected.

The files that contain the host profile and answer file information are stored on disk in an obfuscated form. The files can be retrieved only as part of the waiter.tgz file that is generated for each host. The raw files are not accessible through the web server. However, it is possible for malicious code to pretend to be a host and download the host's waiter.tgz file, which contains information that can be used to compromise the host.

To greatly reduce Auto Deploy security risks, completely isolate the network where Auto Deploy is used.
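The following sketch is an added example, not VMware code. It flags `waiter.tgz` downloads whose source address does not match the host the file was generated for. The common-log-format lines, the `/hosts/<id>/waiter.tgz` path layout, the host names and the subnet are all constructed assumptions; adapt the pattern to whatever request log your deployment network actually produces.

```python
import ipaddress
import re

# Constructed inventory: host identifier -> address that host is expected to boot from.
EXPECTED = {"esx-01": "10.20.0.11", "esx-02": "10.20.0.12"}
DEPLOY_NET = ipaddress.ip_network("10.20.0.0/24")  # constructed isolated deployment subnet

# Constructed sample log (common log format). The URL layout is an assumption,
# not the documented Auto Deploy request format.
SAMPLE_LOG = """\
10.20.0.11 - - [12/Mar/2024:08:01:02 +0000] "GET /hosts/esx-01/waiter.tgz HTTP/1.1" 200 48211
10.20.0.12 - - [12/Mar/2024:08:01:09 +0000] "GET /hosts/esx-02/waiter.tgz HTTP/1.1" 200 47990
10.20.0.57 - - [12/Mar/2024:08:14:40 +0000] "GET /hosts/esx-01/waiter.tgz HTTP/1.1" 200 48211
192.168.5.9 - - [12/Mar/2024:09:30:00 +0000] "GET /hosts/esx-02/waiter.tgz HTTP/1.1" 200 47990
10.20.0.11 - - [12/Mar/2024:09:31:00 +0000] "GET /hosts/esx-09/waiter.tgz HTTP/1.1" 404 0
"""

LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET \S*?/([^/\s]+)/waiter\.tgz HTTP/[\d.]+" (\d{3}) '
)

def suspicious_downloads(log_text, expected=EXPECTED, deploy_net=DEPLOY_NET):
    """Return (time, source, host_id, status, reason) for each questionable request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a waiter.tgz request
        src, when, host_id, status = m.groups()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            addr = None  # logged as a hostname; treat as untrusted
        if addr is None or addr not in deploy_net:
            reason = "source not an address in the deployment network"
        elif host_id not in expected:
            reason = "unknown host identifier"
        elif src != expected[host_id]:
            reason = "source does not match the host's expected address"
        else:
            continue  # expected host fetching its own file
        findings.append((when, src, host_id, int(status), reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_downloads(SAMPLE_LOG):
        print(finding)
```

A request from outside the deployment subnet also indicates that the network isolation recommended above is not in effect.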

For more information about Auto Deploy, see the Auto Deploy information that is part of the vSphere Installation and Setup documentation. For more information about host profiles and answer files, see the vSphere Host Profiles documentation.