Security of Remote
RPC
Guest RPC is a communication channel between
the guest operating system and its VMX, or virtual machine executable, the user
space component of virtual infrastructure. The VMM, or virtual machine monitor,
is the kernel space component.
In the ESXi 6.0 release, Guest RPC was
reimplemented on top of VMCI Sockets.
To enforce security for both the Guest SDK and the
HA Application Monitoring SDK, allowing only root and Administrator access to
the functions provided by the SDK, on ESXi 6.0 hosts you can edit the
.vmx
file for the respective virtual machine
and set the secure authentication parameter as follows:
guest_rpc.rpci.auth.app.APP_MONITOR = TRUE
If you do not need to enforce security and want to
allow non-root and non-Administrator users to access functions in the Guest and
HA Application Monitoring SDK, the secure authentication parameter must not
appear in the
.vmx
file, or it must
be set
FALSE
.