VMware vSphere

Is it possible to integrate RSA's one-time password with vCenter Server password authentication via vSphere Client? I know it's possible with VMware View and ESX Server, but I'm not sure about vCenter Server.

Hi,

maybe it could be possible.

I think you have to create an Agent Host on RSA, assign users with its token to it, and install the RSA Agent on the vcenter Server.

Have you got an howto, authentificate ESX with RSA??

MCP, VCP

There's no support for SecurID authentication in VMware vCenter server. Only in View, the Service Console of ESX and the vMA virtual appliance.

mike

(I work for RSA on virtualization "stuff")

Any idea when the RSA Integration with vCenter will be available? After implementing Virtual Infrastructure in our Data Centre, security concerns or issues are next. The top management was asking why View has RSA integration first instead of vCenter. Having access to vCenter means having access to the entire consolidated servers, and that translates to over 100VMs. What about a work around?

Thanks very much!

That sort of thing you would have to ask VMware about. vCenter is their product. One of the issues here is that in order to put in any other type of authentication method, you'd have to change all sorts of things. PowerCLI, vCenter client, Web Access (tho that would be fairly easy), Perl, etc..It's non-trivial if you think it thru.

View was relatively easier as the authentication is done at the Java-based web server (View Manager/Connection server) and there's lots of examples and precidence there.

I would suggest what I suggest to everyone I talk to. Create a management-only LAN. Protect that LAN with an SSL VPN that supports SecurID and/or some View desktops that are in that LAN. Remote Desktop into the LAN via the VPN or View and run vCenter client that way. At least then you have two-factor authentication protecting the resources.

You may also consider a solution such as Hytrust. (Not an RSA product) It takes the management LAN concept further.

mike