Hi,
When you add a host to a datacenter, root credentials for the host are input. After this
initial process though, how is the ongoing authentication of the VC server handled by each
host? If a host is rerstarted for example, nothing has to be done at the VC server via the
VI client to start working with that host again - it just works. Does this mean that the
host's root password is somehow somewhere cached or stored by the VC server? If this is
the case, the next question is how is it that the VC server can still communicate with a host
if the root password is changed at the host?
John Balsillie
When adding a Host the the VC, the Virtual Center Agent is being installed on the ESX Host. Also, the User vpxuser get created on the ESX Server, which is used for the communication between VC and ESX. You should have a look at page 10 of this document:
http://www.vmware.com/pdf/vi3_security_architecture_wp.pdf
Kind Regards,
Gerrit Lehr
If you found this or other information useful, please consider awarding points for "Correct" or "Helpful".
When VirtualCenter sets up the VC agent on a host using the root account, the process creates a user called vpxuser on the ESX host and VirtualCenter will use that for subsequent connections to the host. So you would be able to change the root password without impacting VC to ESX communications. The vpxuser password is stored on both the ESX host and in the VC database. The password for vpxuser is unique for each ESX host.
When adding a Host the the VC, the Virtual Center Agent is being installed on the ESX Host. Also, the User vpxuser get created on the ESX Server, which is used for the communication between VC and ESX. You should have a look at page 10 of this document:
http://www.vmware.com/pdf/vi3_security_architecture_wp.pdf
Kind Regards,
Gerrit Lehr
If you found this or other information useful, please consider awarding points for "Correct" or "Helpful".