VMCI Device Always Enabled
The VMCI device is always present in recently created VMware virtual machines, raising questions about the security implications of having a VMCI device.
VMCI and Hardware Version
Starting with VMware virtual hardware version 7, the VMCI device is enabled by default. Virtual machines upgraded from older hardware versions to version 7 acquire the VMCI device even if it was not present before upgrading the virtual hardware. The VMCI device cannot be removed. On most guest operating systems, VMware Tools should be installed to provide a VMCI device driver.
To address security concerns, VMware provided a method to restrict the VMCI-based services that are available to a virtual machine. Services were restricted to a trusted subset consisting only of the hypervisor-related services needed to run a virtual machine in isolation. Restricted was the default, and as of ESXi 5.1 it is the only configuration.
Authentication
All VMCI communications are authenticated at the level of the sending context: the source context ID cannot be spoofed. The VMCI facility implicitly authenticates any hypervisor service as being part of the trusted code base. VMCI does not provide fine-grained authentication of communication endpoints; it ensures only that malicious software cannot spoof the source field in VMCI datagrams identifying the sending virtual machine. Because a context ID identifies the virtual machine rather than a particular process or user inside it, applications running on top of VMCI must implement their own authentication mechanisms if they need finer-grained assurance.
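The following is an added example, not code from this guide or from VMware, showing in Python the division of labour the paragraph describes: the host service takes the source context ID as reported by VMCI (trusted, because VMCI prevents spoofing) and uses it only to select which guest secret applies, then runs its own challenge-response so that a process inside the guest must also prove it holds that guest's key. The CIDs 100 and 101, the per-guest secrets, and the choice of HMAC-SHA256 are constructed for the example; how the CID is obtained from the socket layer (on a Linux guest it would be the `svm_cid` field of an AF_VSOCK address) is an assumption and is not shown.

```python
import hashlib
import hmac
import os

# Constructed example data: one secret per guest, keyed by VMCI context ID (CID).
# Assumption: each guest was provisioned with its secret out of band; VMCI itself
# knows nothing about these keys, it only guarantees the source CID is genuine.
GUEST_KEYS = {
    100: b"guest-100-secret",
    101: b"guest-101-secret",
}


def new_challenge() -> bytes:
    """Host service: a fresh random nonce for one authentication attempt."""
    return os.urandom(16)


def _bind(cid: int, challenge: bytes) -> bytes:
    # VMCI context IDs are 32-bit values. Binding the proof to the CID means a
    # response is only valid for the VM that VMCI will report as the sender.
    return cid.to_bytes(4, "big") + challenge


def guest_response(key: bytes, cid: int, challenge: bytes) -> bytes:
    """Guest side: HMAC over (own CID, host challenge) with the guest's secret."""
    return hmac.new(key, _bind(cid, challenge), hashlib.sha256).digest()


def host_verify(src_cid: int, challenge: bytes, response: bytes) -> bool:
    """Host side. src_cid is the source context ID VMCI attached to the datagram
    or connection; VMCI guarantees it cannot be spoofed, so it is safe to use it
    to select the key. The HMAC check then supplies the application-level
    authentication that VMCI itself does not provide."""
    key = GUEST_KEYS.get(src_cid)
    if key is None:
        return False  # VMCI delivered it, but this VM is not one we provisioned
    expected = hmac.new(key, _bind(src_cid, challenge), hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def authenticate(src_cid: int, guest_key: bytes) -> bool:
    """One full exchange: host issues a challenge, the guest answers with the key
    it actually holds, and the host verifies against the CID VMCI reported."""
    challenge = new_challenge()
    return host_verify(src_cid, challenge, guest_response(guest_key, src_cid, challenge))


def replay_rejected() -> bool:
    """A response captured for one challenge must not satisfy a later challenge."""
    first, second = new_challenge(), new_challenge()
    captured = guest_response(GUEST_KEYS[100], 100, first)
    return not host_verify(100, second, captured)


if __name__ == "__main__":
    print("VM 100 with its own key:   ", authenticate(100, GUEST_KEYS[100]))
    print("VM 100 with VM 101's key:  ", authenticate(100, GUEST_KEYS[101]))
    print("unknown VM 102:            ", authenticate(102, b"whatever"))
    print("replayed response rejected:", replay_rejected())
```

The point of binding the CID into the MAC is that the two layers reinforce each other: VMCI stops a guest from claiming another guest's CID, and the MAC stops a process that merely shares the VM from passing as the provisioned application.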
Isolation Options in VMX
ESX/ESXi 4.0 to ESXi 5.0 provide .vmx options for VMCI isolation. As of ESXi 5.1, these options have no effect.
[vmci0.unrestricted = FALSE|TRUE]
When its vmci0.unrestricted option was set TRUE, a virtual machine could communicate with all host endpoints and with other virtual machines that also had vmci0.unrestricted set TRUE.
[vmci0.domain = <domainName>]
(ESX/ESXi only) By default, all virtual machines and host applications were members of the default domain, whose name is the null string (""). If the vmci0.domain option specified a non-default domain, the virtual machine could communicate only with the hypervisor and with other virtual machines in the same domain. This allowed virtual machines to be organized into groups that could communicate with each other.
As of ESXi 5.1, or earlier when configured for restricted communication, the VMCI device has a security profile similar to that of any other virtual device, such as the keyboard, video monitor, mouse, or motherboard. Guest communications depend on the VMCI applications running on the host. VMCI in itself does not expose any guest information.
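As an added example (not part of this guide and not a VMware tool), the script below audits a set of .vmx files for the two isolation options described above and reports which guests were unrestricted, which were placed in a non-default domain, and which guest pairs could reach each other under the ESX/ESXi 4.0 to 5.0 rules. The guide does not state how vmci0.unrestricted and vmci0.domain interact, so the script assumes the two compose (a non-default domain also narrows an unrestricted VM to its own domain); the sample .vmx contents are constructed. On ESXi 5.1 and later the options have no effect, so a hit there only identifies stale settings worth cleaning up.

```python
from itertools import combinations


def parse_vmx(text: str) -> dict:
    """Parse the key = "value" lines of a .vmx file into a dict with lower-cased keys."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.strip().strip('"')
    return opts


def vmci_policy(opts: dict):
    """Return (unrestricted, domain) as ESX/ESXi 4.0 to 5.0 read them: a missing
    vmci0.unrestricted means FALSE, a missing vmci0.domain means the default
    domain, whose name is the null string."""
    unrestricted = opts.get("vmci0.unrestricted", "FALSE").upper() == "TRUE"
    domain = opts.get("vmci0.domain", "")
    return unrestricted, domain


def can_communicate(a: dict, b: dict) -> bool:
    """Guest-to-guest reachability between two parsed .vmx files.
    Assumption (not stated by the guide): both must be unrestricted AND be in the
    same domain; a non-default domain confines an unrestricted VM to that domain."""
    ua, da = vmci_policy(a)
    ub, db = vmci_policy(b)
    return ua and ub and da == db


def audit(vmx_files: dict) -> dict:
    """Audit {filename: vmx_text}; every list is sorted so the result is stable."""
    parsed = {name: parse_vmx(text) for name, text in vmx_files.items()}
    return {
        "unrestricted": sorted(n for n, o in parsed.items() if vmci_policy(o)[0]),
        "non_default_domain": sorted(
            (n, vmci_policy(o)[1]) for n, o in parsed.items() if vmci_policy(o)[1]
        ),
        "guest_to_guest": sorted(
            (a, b)
            for a, b in combinations(sorted(parsed), 2)
            if can_communicate(parsed[a], parsed[b])
        ),
    }


# Constructed sample .vmx contents for five hypothetical hardware-version-7 VMs.
SAMPLE_VMX = {
    "web01.vmx": "\n".join([
        '.encoding = "UTF-8"',
        'config.version = "8"',
        'virtualHW.version = "7"',
        'vmci0.present = "TRUE"',
        'vmci0.unrestricted = "TRUE"',
    ]),
    "app01.vmx": "\n".join([
        'virtualHW.version = "7"',
        'vmci0.present = "TRUE"',
        'vmci0.unrestricted = "TRUE"',
    ]),
    "db01.vmx": "\n".join([
        'virtualHW.version = "7"',
        'vmci0.present = "TRUE"',
        'vmci0.unrestricted = "TRUE"',
        'vmci0.domain = "tier-a"',
    ]),
    "jump01.vmx": "\n".join([
        'virtualHW.version = "7"',
        'vmci0.present = "TRUE"',
        'vmci0.unrestricted = "TRUE"',
        'vmci0.domain = "tier-a"',
    ]),
    # Default (restricted) configuration: hypervisor services only.
    "iso01.vmx": "\n".join([
        'virtualHW.version = "7"',
        'vmci0.present = "TRUE"',
    ]),
}


if __name__ == "__main__":
    for finding, items in audit(SAMPLE_VMX).items():
        print(f"{finding}: {items}")
```

Reading the result: web01 and app01 can reach each other because both are unrestricted in the default domain; db01 and jump01 can reach each other inside "tier-a"; iso01 reaches nothing but the hypervisor, which is the only behaviour ESXi 5.1 and later still offer.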