Add Target Servers to vMA

Add Target Servers to vMA

After you configure vMA, you can add target servers that run the supported vCenter Server or ESXi version.

For vCenter Server and ESXi system targets, you must have the name and password of a user who can connect to that system.

See vifp addserver for the complete syntax.

To add a vCenter Server system as a vMA target for Active Directory Authentication

1

Log in to vMA as vi‑admin.

2

Add a server as a vMA target by running the following command:

vifp addserver vc1.mycomp.com --authpolicy adauth --username ADDOMAIN\\user1

Here, --authpolicy adauth indicates that the target needs to use the Active Directory authentication.

If you run this command without the --username option, vMA prompts for the name of the user that can connect to the vCenter Server system. You can specify this user name as shown in the following example:

Enter username for machinename.example.com: ADDOMAIN\user1

If --authpolicy is not specified in the command, then fpauth is taken as the default authentication policy.

3

Verify that the target server has been added.

The display shows all target servers and the authentication policy used for each target.

vifp listservers --long

server1.mycomp.com             ESX        adauth

server2.mycomp.com             ESX        fpauth

server3.mycomp.com             ESXi       adauth

vc1.mycomp.com                vCenter     adauth

4

Set the target as the default for the current session:

vifptarget --set | -s <server>

5

Verify that you can run a vSphere CLI command without authentication by running a command on one of the ESXi hosts, for example:

esxcli --server <VC_server> --vihost <esx_host> network nic list

The command runs without prompting for authentication information.

Important If the name of a target server changes, you must remove the target server by using vifp removeserver with the old name, then add the server using vifp addserver with the new name.

To add a vCenter Server system as a vMA target for fastpass Authentication

1

Log in to vMA as vi‑admin.

2

Add a server as a vMA target by running the following command:

vifp addserver vc2.mycomp.com --authpolicy fpauth

Here, --authpolicy fpauth indicates that the target needs to use the fastpass authentication.

3

Specify the username when prompted:

Enter username for machinename.example.com: MYDOMAIN\user1

4

Specify the password for that user when prompted.

[email protected]'s password: <not echoed to screen>

5

Review and accept the security risk information.

6

Verify that the target server has been added.

The display shows all target servers and the authentication policy used for each target.

vifp listservers --long

server1.mycomp.com             ESX        adauth

server2.mycomp.com             ESX        fpauth

server3.mycomp.com             ESXi       adauth

vc1.mycomp.com                vCenter     adauth

vc2.mycomp.com                vCenter     fpauth

7

Set the target as the default for the current session.

vifptarget --set | -s <server>

8

Verify that you can run a vSphere CLI command without authentication by running a command on one of the ESXi hosts, for example:

esxcli --server <VC_server> --vihost <esx_host> network nic list

The command runs without prompting for authentication information.

Important If the name of a target server changes, you must remove the target server by using vifp removeserver with the old name, then add the server using vifp addserver with the new name.

To add an ESXi host as a vMA target for Active Directory Authentication

1

Log in to vMA as vi‑admin.

2

Add an ESXi server as a vMA target by running the following command:

vifp addserver server3.mycomp.com --authpolicy adauth --username ADDOMAIN\\user1

Here, --authpolicy adauth indicates that the target needs to use the Active Directory authentication.

If you run this command without the --username option, vMA prompts for the name of the user that can connect to the ESXi Server. You can specify this user name as shown in the following example:

Enter username for machinename.example.com: ADDOMAIN\user1

If --authpolicy is not specified in the command, then fpauth is taken as the default authentication policy.

3

Verify that the target server has been added.

The display shows all target servers and the authentication policy used for each target.

vifp listservers --long

server1.mycomp.com             ESX        adauth

server2.mycomp.com             ESX        fpauth

server3.mycomp.com             ESXi       adauth

vc1.mycomp.com                vCenter     adauth

4

Set the target as the default for the current session:

vifptarget --set | -s <server>

5

Verify that you can run a vSphere CLI command without authentication by running a command, for example:

esxcli network nic list

The command runs without prompting for authentication information.

Important If the name of a target server changes, you must remove the target server by using vifp removeserver with the old name, then add the server using vifp addserver with the new name.

To add an ESXi host as a vMA target for fastpass Authentication

1

Log in to vMA as vi‑admin.

2

Add an ESXi Server as a vMA target by running the following command:

vifp addserver server2.mycomp.com --authpolicy fpauth

Here, --authpolicy fpauth indicates that the target needs to use the fastpass authentication.

You are prompted for the target server’s root user password.

root@<servername>’s password:

3

Specify the root password for the ESXi host that you want to add.

vMA does not retain the root password. Instead, vMA adds vi-admin and vi-user to the ESXi host, and stores the obfuscated passwords that it generates for those users in the VMware credential store.

In a vSphere client connected to the target server, the Recent Tasks panel displays information about the users that vMA adds. The target server’s Users and Groups panel displays the users if you select it.

Caution Remove users added by vMA from the target server only if you have deleted the vMA virtual machine but did not remove the target servers.

4

Review and accept the security risk information.

5

Verify that the target server has been added.

The display shows all target servers and the authentication policy used for each target.

vifp listservers --long

server1.mycomp.com             ESX        adauth

server2.mycomp.com             ESX        fpauth

server3.mycomp.com             ESXi       adauth

vc1.mycomp.com                vCenter     adauth

vc2.mycomp.com                vCenter     fpauth

6

Set the target as the default for the current session.

vifptarget --set | -s <server>

7

Verify that you can run a vSphere CLI command without authentication by running a command, for example:

esxcli network nic list

The command runs without prompting for authentication information.

Important If the name of a target server changes, you must remove the target server by using vifp removeserver with the old name, then add the server using vifp addserver with the new name.

Important If the name of a target server changes, you must remove the target server by using vifp removeserver with the old name, then add the server using vifp addserver with the new name.

Important If the name of a target server changes, you must remove the target server by using vifp removeserver with the old name, then add the server using vifp addserver with the new name.

Important If the name of a target server changes, you must remove the target server by using vifp removeserver with the old name, then add the server using vifp addserver with the new name.

	Caution Remove users added by vMA from the target server only if you have deleted the vMA virtual machine but did not remove the target servers.

Important If the name of a target server changes, you must remove the target server by using vifp removeserver with the old name, then add the server using vifp addserver with the new name.

Help us improve this information. Send feedback to [email protected].