Configuring Advanced Options

The advanced options settings of an ESXi host can affect virtual machine security.
Advanced options include welcome messages,
sshd
prompts, SOAP session timeout, eager zeroing of VM memory, login attempts before lockout, seconds delay after lockout, password history, password duration, password quality, DCUI timeout, shell timeout, and host client session timeout. Eager zeroing of memory can be helpful for security.
Setting advanced options on individual ESXi hosts using the UI can be impractical at scale. The vSphere API offers a programmatic interface to manipulate advanced options. The UI is built on top of the API calls.
Advanced options are controlled by the
OptionManager
managed object, a property of
HostConfigManager
. You can show advanced options with
QueryOptions
, and set them with
UpdateOptions
. For details, see the
vSphere API Reference
.

Querying Advanced Options

The full list of advanced options is available in the
OptionManager.supportedOption[]
field, and the list of non-default settings is available in the
OptionManager.setting[]
field. The contents of these arrays are fixed for a particular ESXi build and do not change at runtime.
You can use the
QueryOptions
method to get the setting for any supported option.

Setting Advanced Options

To set an advanced option, call the
UpdateOptions
method with the desired key and value. The following pseudo-code sets the advanced option for memory zeroing to "1" for true:
MoRef optionMgr = hostSystem.configManager.advancedOption; opts = new OptionValue[] opts[0].key = "Mem.MemEagerZero" opts[0].value = "1" optionMgr.UpdateOptions(changedValue=opts)