Security of Remote RPC

Guest RPC is a communication channel between the guest operating system and its VMX, or virtual machine executable, the user space component of virtual infrastructure. The VMM, or virtual machine monitor, is the kernel space component.

In the ESXi 6.0 release, Guest RPC was reimplemented on top of VMCI Sockets.

To enforce security for the Guest SDK and HA Application Monitoring SDK, allowing only root and Administrator access to the functions provided by the SDK, on ESXi hosts you can edit the .vmx file for the respective virtual machine and set the secure authentication parameter as follows:

guest_rpc.rpci.auth.app.APP_MONITOR = TRUE

If you do not need to enforce security and want to allow non-root and non-Administrator users to access functions in the Guest and HA Application Monitoring SDK, the secure authentication parameter must not appear in the .vmx file, or it must be set FALSE.

Security of the DataSets API

The DataSets facility can be controlled from vCenter Server, so any security concerns are the same as for vSphere generally.

The DataSets facility can also be controlled with VM Tools from inside a guest OS, so security concerns are the same as for vmtoolsd.