The Lockdown mode in vSphere v.6 is different comparing with
the previous version (v.5).
vSphere 6 introduces a couple of new concepts:
· Normal Lockdown Mode
· Strict Lockdown Mode
· Exception Users
The following table summarizes the access method in each Lockdown Mode.
Access Method |
Lockdown Mode Disabled |
Normal Lockdown Mode |
Strict Lockdown Mode |
vCenter |
Yes |
Yes |
Yes |
Direct Console access (DCUI) with root |
Yes |
Yes |
No |
Direct Console access (DCUI) with account (local account only) defined in DCUI.Access advanced option for the host |
Yes |
Yes |
No |
Direct Console access (DCUI) with accounts in Exception User for lockdown mode & administrative privilege on the host (if the ESXi host is joined an AD domain, only AD account; if the ESXi host is not joined an AD domain, local account) |
N/A |
Yes |
No |
vSphere Client directly to ESXi with root |
Yes |
No |
No |
vSphere Client directly to ESXi with account (local account only) defined in DCUI.Access advanced option for the host |
No |
No |
No |
vSphere Client directly to ESXi with accounts in Exception User for lockdown mode & administrative privilege on the host (if the ESXi host is joined an AD domain, only AD account; if the ESXi host is not joined an AD domain, local account) |
N/A |
Yes |
Yes |
PowerCLI / CLI to ESXi with root |
Yes |
No |
No |
PowerCLI / CLI to ESXi with account (local account only) defined in DCUI.Access advanced option for the host |
No |
No |
No |
PowerCLI / CLI to ESXi with accounts in Exception User for lockdown mode & administrative privilege on the host (if the ESXi host is joined an AD domain, only AD account; if the ESXi host is not joined an AD domain, local account) |
N/A |
Yes |
Yes |