Adding bespoke firewall rules to ESXi

In my new role, I get to work with a lot of new products and features that are not yet in a state to be used for beta, never mind being close to GA. This means that, from time to time, we need to work around a few specific problems to get the product/feature to work. On this particular occasion, we were trying to add a custom firewall rule to an ESXi host. The rule took fine, but did not persist through reboots of the ESXi host, which is what was required. This is the solution we came up with.

Does Software iSCSI on vSphere support IPsec?

This came up in a conversation today. Does VMware’s Software iSCSI implementation support Internet Protocol Security (IPsec) in vSphere 5.1? IPsec secures IP communications coming from and arriving at an ESXi host. Although KB article 1021769 states that IPv6 is compatible with Software iSCSI, it doesn’t state whether or not IPsec is supported with Software iSCSI. To find this information, you have to reach for the vSphere Security Guide. Under the section ‘Securing iSCSI Devices Through Authentication’, it states: ESXi does not support Kerberos, Secure Remote Protocol (SRP), or public-key authentication methods for iSCSI. Additionally, it does not…