Network File Copy (NFC) provides a file-type-aware FTP service for vSphere components. ESXi uses NFC for operations such as copying and moving data between datastores. You can enable SSL certificate validation for NFC operations.

The initial authentication for an NFC transfer occurs using SSL, but by default, the actual data transfer occurs in plain text for performance reasons. Because this file transfer occurs over the management network, the risk of data being leaked is related to the isolation of the management network.

When you enable SSL over NFC, connections between vSphere components over NFC are secure. This connection can help prevent man-in-the-middle attacks within a datacenter.


Enabling SSL over NFC causes some performance degradation.

Turn off the virtual machine.


Find the virtual machine in the vSphere Web Client inventory.


To find a virtual machine, select a datacenter, folder, cluster, resource pool, or host.


Click the Related Objects tab and click Virtual Machines.


Right-click the virtual machine and click Edit Settings.


Select VM Options.


Click Advanced and click Edit Configuration.


Add or edit the parameter nfc.useSSL and set the value to true.


Click OK.