5. From the Directory Services Configuration dialog box, select Active Directory from the
Select Directory Service Type drop-down list.
6. Supply the DNS domain name of the Active Directory domain this ESXi host will use for
authentication.
7. Click the Join Domain button.
8. Specify the username and password of an account that has permission to join the host to the
domain.
Once the ESXi host is joined to Active Directory, users will be able to authenticate to an ESXi
host using their Active Directory credentials. Using the vSphere Client or the vCLI, users can
use either the domain\username or username@domain syntax. From the vCLI, users must enclose
the domain\username syntax in double quotes, as in this example:
vicfg-users --server esxi-03.lab.local --username "lab\administrator" --entity group --operation list
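Why the double quotes matter, as an added example that is not part of the original text. It assumes a POSIX shell (for instance bash on the vMA); as_received and split_principal are hypothetical helper names, and the account names are constructed.

```shell
#!/bin/sh
# Added example. Assumes a POSIX shell (for instance bash on the vMA).
# as_received and split_principal are hypothetical helpers, not vCLI commands.

bs='\'   # a literal backslash, kept in a variable so patterns stay readable

# Print the argument exactly as the shell handed it to the command.
as_received() { printf '%s' "$1"; }

# Accept either syntax from the text and print "DOMAIN USER".
# Returns 1 when there is no domain part or either half is empty.
split_principal() {
    case $1 in
        *"$bs"*) domain=${1%%"$bs"*}; user=${1#*"$bs"} ;;
        *@*)     user=${1%%@*};       domain=${1#*@} ;;
        *)       return 1 ;;
    esac
    [ -n "$domain" ] && [ -n "$user" ] || return 1
    printf '%s %s' "$domain" "$user"
}

# Unquoted, the shell treats \a as an escaped "a" and drops the backslash,
# so the tool would receive a name with no domain separator at all.
printf 'unquoted: %s\n' "$(as_received lab\administrator)"
# Double-quoted, the backslash before an ordinary letter is preserved.
printf 'quoted:   %s\n' "$(as_received "lab\administrator")"

# Both accepted syntaxes resolve to a domain and a user (constructed names).
for name in 'lab\administrator' 'administrator@lab.local'; do
    printf '%-26s -> %s\n' "$name" "$(split_principal "$name")"
done
```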
To further simplify the use of the vMA, you can also configure the vMA to use Active
Directory authentication.
Although managing how users authenticate is important, it's also important to control how
users access ESXi hosts. In the next section, we'll examine how you can control access to your
ESXi hosts.
Controlling Access to ESXi Hosts
The second part of the AAA model is authorization, which encompasses access control mechanisms
that affect local access or network access. In the following sections, we'll describe the
mechanisms available to you to control access to your ESXi hosts.
Controlling Local Access
ESXi offers direct access via the server console through the Direct Console User Interface, or
DCUI. We've shown you screen shots of the DCUI in various other parts of this topic, such as
Chapter 2.
Access to the DCUI on an ESXi host is limited to users who have the Administrator role on
it. We haven't discussed the concept of roles yet (see “Managing ESXi Host Permissions” later in
this chapter for more details), but this limitation on the DCUI allows you to control who is permitted
to access the DCUI. As with other forms of security, it's important to secure access to the
host via the physical server console, and limiting DCUI access to users with the Administrator
role helps accomplish that goal.
Controlling Local CLI Access
ESXi has a CLI environment that is accessible from the server's physical console. However, by
default, this CLI environment—known as the ESXi Shell—is disabled. If you need CLI access to
 