Configuring Advanced Options
The advanced options settings of an ESXi host can affect virtual machine
security.
Advanced options include welcome messages,
sshd
prompts, SOAP session timeout, eager zeroing of VM memory,
login attempts before lockout, seconds delay after lockout, password history, password
duration, password quality, DCUI timeout, shell timeout, and host client session
timeout. Eager zeroing of memory can be helpful for security.Setting advanced options on individual ESXi
hosts using the UI can be impractical at scale. The vSphere API offers a programmatic
interface to manipulate advanced options. The UI is built on top of the API calls.
Advanced options are controlled by the
OptionManager
managed object, a
property of HostConfigManager
. You can show advanced options with
QueryOptions
, and set them with UpdateOptions
. For
details, see the vSphere API
Reference
.Querying Advanced Options
The full list of advanced options is
available in the
OptionManager.supportedOption[]
field, and the
list of non-default settings is available in the
OptionManager.setting[]
field. The contents of these arrays are
fixed for a particular ESXi build and do not change at runtime.You can use the
QueryOptions
method to get the setting for any supported
option.Setting Advanced Options
To set an advanced option, call the
UpdateOptions
method with the desired key and value. The
following pseudo-code sets the advanced option for memory zeroing to "1" for
true:MoRef optionMgr = hostSystem.configManager.advancedOption; opts = new OptionValue[] opts[0].key = "Mem.MemEagerZero" opts[0].value = "1" optionMgr.UpdateOptions(changedValue=opts)