Communication between client components and vCenter Server or ESXi are protected by SSL-based encryption. Linux versions of these components do not perform certificate validation, so you should restrict the use of these clients.

Even when the management interfaces of vCenter Server and ESXi are available on trusted networks only, encryption and certificate validation add extra layers of defense against an attack. The following components are vulnerable when they run on the Linux operating system.

vCLI commands

vSphere SDK for Perl scripts

Programs written using the vSphere SDK

You can relax the restriction against using Linux-based clients if you enforce proper controls.

Restrict management network access to authorized systems only.

Use firewalls to ensure that only authorized hosts are allowed to access vCenter Server.

Use jump-box systems to ensure that Linux clients are behind the jump.