vCenter

 View Only
  • 1.  Smart Card login to VirtualCenter

    Posted May 29, 2008 05:13 PM

    Folks,

    I just want to make sure that my understanding of the process is correct.

    VirtualCenter server configured to use AD authentication and AD account added to virtual center.

    AD set to use smart card (pki) authtentication.

    No additional configuration required for VirtualCenter client - smart card login passed to AD for authentication.

    Is it really that simple or have I missed something in the documentation?

    thanks.

    Mike



  • 2.  RE: Smart Card login to VirtualCenter

    Posted May 29, 2008 05:45 PM

    If you log into a system in the same domain as VirtualCenter, and use the client with the -passthroughAuth -s vchostname added to the end of the shortcut, it will pass your currently logged on credentials to the VirtualCenter server. This is true for VirtualCenter (and VI Client 2.5 and above).

    In this case, you would not need the VI Client to natively support Smart Card authentication.

    Here's a good article regarding this:

    Jase McCarty

    http://www.jasemccarty.com

    Co-Author of VMware ESX Essentials in the Virtual Data Center

    (ISBN:1420070274) from Auerbach



  • 3.  RE: Smart Card login to VirtualCenter

    Posted May 29, 2008 05:54 PM

    Thanks for the helpful information.

    I'm not really loking to passthru the credentials of the currently logged in user. I'm looking at requiring each administrative account to have its own smart card. The process would be the user uses his/her normal account to log onto network. But if the user needs to perform administrative work within VirtualCenter, then the user would use a second smart card reader and a special smart card tied to their administrator to log on using the VC client software.

    Hope this clarifies the question.

    Mike



  • 4.  RE: Smart Card login to VirtualCenter

    Posted Jul 15, 2008 03:47 PM

    Update - tested using smart card tied to admin account while logged into network on normal account. Opened VirtualCenter client and was asked for login name - no option to select smart card.

    Note - this is VirtualCenter 2.0.1, we are in the process of upgrading to VC 2.5 and will test again once the upgrade is complete.

    Mike



  • 5.  RE: Smart Card login to VirtualCenter

    Posted Jul 15, 2008 04:07 PM

    Yup, VC 2.5 is the first version that offers smart card authentication. My company uses smart card as a secondary login for administrators. The way I get it to work is use the -passthroughAuth option mentioned above but then invoke the runas option by right-clicking on the shortcut. Once the runas dialog box opens, change the user to the smart card credentials. This has worked for me without issue for the past few months. Hope this helps...



  • 6.  RE: Smart Card login to VirtualCenter

    Posted Nov 04, 2008 01:19 PM

    After you are logged into VC with the passthrough option, is there any way to log onto the console of a VM using the Smart Card?



  • 7.  RE: Smart Card login to VirtualCenter
    Best Answer

    Posted Nov 04, 2008 02:10 PM

    There's another thread talking about this right now. VC to VM Console SSO/Authentication.

    http://communities.vmware.com/message/1090180

    Think of the VM Console the same as attaching a KVM (Keyboard, Video, Mouse) to a VM, in the same fashion as you would on a physical box.

    The VM Console is behaving much the same way. You'd have to modify "KVMness" of the VM Console to plugin to the guest, using some type of app/service that ties into the logon process of the guest.

    Keep in mind, if you do find success doing this, you'll need to limit your guest's number of active terminals to 1, otherwise more than 1 user can be attached to the console at a single time.

    Add this line to your .vmx file, and it will limit it to 1 console session:

    RemoteDisplay.maxConnections = 1

    Cheers,

    Jase

    Jase McCarty

    http://www.jasemccarty.com

    Co-Author of VMware ESX Essentials in the Virtual Data Center

    (ISBN:1420070274) from Auerbach