vsphere compliance checker - prevent spying

In relation to the vSphere compliance checker, the check around preventing other users from spying on admin consoles. Can you give a management friendly overview on who and how a user could spy on the consoles (which “consoles” are they referring to), and how this configuration prevents this. What is the risk if a user can see the admin console, what does this give them? If a hacker wants to spy on such consoles, what position must they be in to spy?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
When you use the vSphere Client to connect to the ESX/ESXi server, there is an option to Open a Console to a Virtual Server, so you can see the console screen, MULTIPLE consoles can be opened.

This is what is meany by spying!

It's a bit like a Multiple Shadow session, or LogMeIn, Teamviewer, WebEx, etc

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
So you''d need access to vcenter anyway, and youd be spying on another admin?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

pma111Author Commented:
Sorry but whats the definition of console? And by spying on a console, what kind of information could they gather? If they are only admins allowed to access vcenter, is it really much of an issue if they spy on each other, as theyll likely have access to everything anyway!
pma111Author Commented:
It sounds like its similar to me spying on my collegue reading a confidential word document, when I could just open the word document myself. Why the need to spy?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
If they do not have access to the vSphere Client, they cannot spy. If you prevent access to the vSphere Client, the majority of your risks, are mitigated. So the less Administrators that have access to vSphere Client the better.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Console, is the Remote Connection to the Server, you can view the contents, just like if you are sitting in front of a screen, and someone looks over your shoulder, they can read and see what you are doing.
pma111Author Commented:
Have you concerns around your admins spying on one another? Is that why you implement this configuration?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
With all Administrators in IT, there must be an element of trust.

also when using Open Console Feature, it states if another console has been opened, but you do not know who.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.