Solved: Re: How does ESX authenticate Virtual Center?

John_Balsillie · ‎05-07-2008

Hi,

When you add a host to a datacenter, root credentials for the host are input. After this

initial process though, how is the ongoing authentication of the VC server handled by each

host? If a host is rerstarted for example, nothing has to be done at the VC server via the

VI client to start working with that host again - it just works. Does this mean that the

host's root password is somehow somewhere cached or stored by the VC server? If this is

the case, the next question is how is it that the VC server can still communicate with a host

if the root password is changed at the host?

John Balsillie

John Balsillie VCI VCP5 VCAP4-DCA VCP4 VCP3 Explorer IT Services Pty Ltd

Gerrit_Lehr · ‎05-07-2008

When adding a Host the the VC, the Virtual Center Agent is being installed on the ESX Host. Also, the User vpxuser get created on the ESX Server, which is used for the communication between VC and ESX. You should have a look at page 10 of this document:

http://www.vmware.com/pdf/vi3_security_architecture_wp.pdf

Kind Regards,

Gerrit Lehr

If you found this or other information useful, please consider awarding points for "Correct" or "Helpful".

Kind regards, Gerrit Lehr If you found this or other information useful, please consider awarding points for "Correct" or "Helpful".

View solution in original post

Dave_Mishchenko · ‎05-07-2008

When VirtualCenter sets up the VC agent on a host using the root account, the process creates a user called vpxuser on the ESX host and VirtualCenter will use that for subsequent connections to the host. So you would be able to change the root password without impacting VC to ESX communications. The vpxuser password is stored on both the ESX host and in the VC database. The password for vpxuser is unique for each ESX host.

Gerrit_Lehr · ‎05-07-2008