ESXi Lockdown Mode and Aria Suite: Compatibility and Operational Impact

Article ID: 403471

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

A common question is whether enabling or disabling ESXi Lockdown Mode requires additional configuration or changes for VMware Aria Suite components (specifically Aria Operations, Aria Operations for Logs, and Aria Automation) to function properly within a VMware vSphere environment. This article addresses the related compatibility and configuration concerns.

Environment

VMware Cloud Foundation 4.x, 5.x

Resolution

No additional changes or modifications are generally needed when ESXi Lockdown Mode is enabled. ESXi Lockdown Mode is a security best practice designed to enforce that all management of the ESXi host occurs exclusively through vCenter Server. The Aria Suite components (Aria Operations, Aria Operations for Logs, and Aria Automation) are architecturally designed to interact with the virtual infrastructure primarily through vCenter Server's APIs, rather than by directly managing individual ESXi hosts. This fundamental design alignment ensures that these suite components remain fully functional and compatible with ESXi hosts operating in Lockdown Mode.

Additional Information

All configuration changes must be applied at the vCenter Server level, through either the UI or the API. Because Lockdown Mode is a security feature, do not make changes directly on the ESXi host.

More information on enabling and disabling Lockdown Mode:
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/vsphere-security-8-0/securing-esxi-hosts/customizing-hosts-with-the-security-profile/lockdown-mode.html
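
To confirm the Lockdown Mode state of each host from the vCenter Server side rather than on the hosts themselves, a read-only audit along these lines can be used. This is an added example, not part of the original article; it assumes VMware PowerCLI is installed, and the vCenter Server name is a placeholder.

```powershell
# Added example: read-only Lockdown Mode audit, run through vCenter Server.
# 'vcenter.example.com' is a placeholder for your vCenter Server.
$vc = 'vcenter.example.com'
Connect-VIServer -Server $vc | Out-Null

# Skip disconnected hosts: their configuration cannot be read via vCenter.
$report = foreach ($vmhost in Get-VMHost -State Connected, Maintenance) {
    # HostAccessManager holds the host's Lockdown Mode exception-user list.
    $accessMgr = Get-View -Id $vmhost.ExtensionData.ConfigManager.HostAccessManager
    [pscustomobject]@{
        Host           = $vmhost.Name
        State          = $vmhost.ConnectionState
        # lockdownDisabled, lockdownNormal or lockdownStrict
        LockdownMode   = $vmhost.ExtensionData.Config.LockdownMode
        ExceptionUsers = ($accessMgr.QueryLockdownExceptions() -join ', ')
    }
}

# Full inventory, grouped by mode.
$report | Sort-Object LockdownMode, Host | Format-Table -AutoSize

# Hosts that are not in Lockdown Mode and still accept direct management.
$report |
    Where-Object { $_.LockdownMode -eq 'lockdownDisabled' } |
    Select-Object -ExpandProperty Host

Disconnect-VIServer -Server $vc -Confirm:$false
```

The script only reads state. Any change to the mode or to the exception-user list should still be made through vCenter Server, as described above.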