Wednesday 29 November 2017

Back to Basics – Part 17 VMware vSphere Authentication Proxy Service

In our last blog posts related to Back to Basics Series we discussed about Virtual MachineFiles (Part1), Standard Switches (Part2), vCenter Server (Part 3),Templates (Part4) vApp (Part 5), Migration (Part 6),Cloning (Part 7), Host Profiles (Part 8), Virtual Volumes AKA VVOL's (Part 9) Fault Tolerance (Part10) ,DistributedSwitches (Part 11) and Distributed Resource Scheduler Part 12, vCenter Server High Availability (Part 13),Back to Basics (Part -14) Creating Reports in VROPS,Back to Basics- Part 15 Understanding VMware App Volumes and Back to Basics- Part 16 Understanding VMware vSphere ESXi Shell and SSH Timeouts we also discussed about the various tasks related to building Home Lab Part1Part 2Part 3,Part 4 Part 5.

Dedicated this article to talk about VMware vSphere Authentication Proxy Service which helps us to add ESXi hosts to Active Directory Domain, instead of adding the host explicitly to the AD domain a trust chain can exists between the vSphere Authentication Proxy and the host which allows the authentication proxy to join the host to AD domain.

The vSphere Authentication Proxy service is available on VMware vCenter Server systems by default however is not running, to use the vSphere Authentication service we need to start the same manually through command line or vSphere Web Client.

VMware vSphere Authentication Proxy Service is useful when working with Auto Deploy where we can setup a reference host pointing towards Authentication Proxy Service and configuring a rule that applies this reference host profile to all other ESXi hosts provisioned using Auto Deploy. Using the service we can enhanced the security of ESXi hosts provisioned through Auto Deploy by removing the dependency to store AD credentials in Host Configuration.

When we use the vSphere Authentication Proxy, we do not need to transmit Active Directory credentials to the host. We can provide the domain name of the Active Directory server and the IP address of the authentication proxy server while adding the ESXi host to a domain.

No comments:

Post a Comment