This post is about mitigating the “unplanned reset” operational risk of the “Control-Alt-Delete” button in the vSphere Web Client/C# Client console for all Linux VMs, including NSX Manager, NSX Controller, vCNS Manager and vCD.
All Linux Administrators will be aware that pressing Control-Alt-Delete on the Console resets the Linux OS immediately unless the key sequence has been disabled in the Linux operating system. However, Windows Administrators are not aware of this, because they press the same key sequence to access the login screen. Unfortunately, this behaviour is also true for some “hardened” virtual appliances such as NSX and vCNS.
This behaviour has been around for a very long time:
- Isn’t Ctrl-Alt-Delete on Linux *really* dangerous?
- Disabling Control-Alt-Delete shutdown is not working
- Don’t Hit Ctrl+Alt+Del On the ESX 4 Console
With a solution for Linux Operating Systems to ignore the “Control-Alt-Delete” key sequence:
VMware Workstation has a “Control-Alt-Delete” ignore setting (“mks.CtlAltDel.ignore”) that is not available in vSphere 5.x:
As a Customer of VMware, I have opened a ticket with GSS and also contacted GSS employees who I know via Twitter to investigate. It is too early to tell yet, but it appears that this feature has been scheduled but never implemented in vSphere 5.x.
The Irony
What I do not understand is why VMware have not implemented this KB in vSphere 5.x and why the “Control-Alt-Del” ignore sequence has not been added to the “hardened” vCNS Manager and NSX Manager/Controller templates. Surely this would have been detected during vCNS/NSX testing? And considered a high operational risk to the vCNS and NSX product suites?
The VMware Products that Passed (UPDATED)
I am pleased to report that ESXi 5.x, vCSA 5.x, LogInsight, vC Ops, NSX Edge Gateway, NSX LDR and vCD (hardened) do not reboot, since “Control-Alt-Delete” has been disabled within the base Linux OS of the Virtual Appliances.
I have not had a chance to test vMA, vSA, vCNS Edge yet. If you can test it in your lab, drop me a line (with a screenshot) and I will add the result to this post.
Assessing your Exposure
I will state the obvious: DO NOT TEST THIS IN YOUR PRODUCTION ENVIRONMENT!
It is very simple to assess your exposure, assuming you have a full test environment that is representative of your Business Critical and Mission Critical Production workloads: Open the Console of each Virtual Machine or Appliance and press the “Control-Alt-Delete” or “Control-Alt-Insert” key sequence.
If the VM/VA resets, you have an operational risk that can be mitigated (covered in the next section). For Virtual Appliances, you will have to open tickets with the vendor who developed the Virtual Appliance to provide you a version that ignores the “Control-Alt-Delete” key sequence.
Mitigating this Risk
There are a number of things that can be done to mitigate this risk until VMware (and other vendors) provide fixes to their existing virtual appliances and a “Control-Alt-Delete” Ignore option in ESXi 5.x:
- Education of Linux and Windows Administrators about the dangers of using “Control-Alt-Delete” with Linux VMs and Virtual Appliances
- Update of operational procedures for Administrators
- Restrict access to the consoles of vCD RHELS VMs, Linux VMs, vCNS Manager, NSX Manager/Controller Virtual Appliances
- Modify the “/etc/init/control-alt-delete.conf” file on all Linux OS VMs and VM Templates to ignore the “Control-Alt-Delete” key sequence, including vCloud Director RHELS 6.x.
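The last mitigation above as an added example (not code from the original post or from VMware): shell functions that report whether the Upstart job file still resets on “Control-Alt-Delete” and comment out the reset command. The root-prefix argument (so a mounted template image can be checked), the function names and the `.orig` backup are assumptions, and the sample job file is constructed.

```shell
#!/bin/sh
# Added example. CAD_CONF is the path named in the post; everything else is hypothetical.
CAD_CONF=etc/init/control-alt-delete.conf

# Print "exposed", "ignored" or "absent" for the filesystem rooted at $1 (default /).
cad_status() {
    conf="${1%/}/$CAD_CONF"
    [ -f "$conf" ] || { echo absent; return 0; }
    # An uncommented exec stanza that calls shutdown/reboot/halt/poweroff resets the VM.
    # Limitation: commands inside a "script ... end script" block are not inspected.
    if grep -Eq '^[[:space:]]*exec[[:space:]].*(shutdown|reboot|halt|poweroff)' "$conf"; then
        echo exposed
    else
        echo ignored
    fi
}

# Comment out the active reset command, keeping a one-time backup of the original.
cad_disable() {
    conf="${1%/}/$CAD_CONF"
    [ "$(cad_status "$1")" = exposed ] || return 0      # nothing to do: idempotent
    [ -e "$conf.orig" ] || cp -p "$conf" "$conf.orig" || return 1
    tmp="$conf.tmp.$$"
    sed -E 's/^([[:space:]]*exec[[:space:]].*(shutdown|reboot|halt|poweroff).*)$/# disabled: \1/' \
        "$conf" > "$tmp" &&
        cat "$tmp" > "$conf"    # overwrite in place: keeps owner, mode and SELinux label
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample: a job file in the RHEL 6 style, written to a scratch root.
cad_demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/init"
    printf '%s\n' '# control-alt-delete - emergency keypress handling' \
        'start on control-alt-delete' \
        'exec /sbin/shutdown -r now "Control-Alt-Delete pressed"' > "$root/$CAD_CONF"
    before=$(cad_status "$root")
    cad_disable "$root"
    after=$(cad_status "$root")
    rm -rf "$root"
    echo "$before -> $after"
}

cad_demo
```

On a live VM, run `cad_status /` first and `cad_disable /` as root; for a template, pass the mount point of its root filesystem instead.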