Configuring single sign-on to log into VirtualCenter

Beginning with VirtualCenter 2.5 Update 2, VMware has provided the ability to pass your currently logged-in Windows domain credentials to VirtualCenter using the VMware Infrastructure Client so you no longer have to log in to VirtualCenter separately. To do this you can create a special shortcut for VirtualCenter on your workstation as outlined below:
1. Create a new shortcut on the desktop of the PC that you want to setup single sign-on for VirtualCenter.
2. In the Create Shortcut Wizard, click Browse and navigate to the location of the VpxClient.exe program and click OK. (By default it is located in C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\)
3. After the full path is in the Location field append
-passthroughAuth -s <VirtualCenter Server hostname>
to the end of the line, where <VirtualCenter Server hostname>
is the hostname or IP Address of the VirtualCenter instance you want to connect to.
4. Click Next and give a name for the shortcut and then click Finish. Once you double-click on the newly created shortcut you will be logged into VirtualCenter using your currently logged-in Windows credentials.
If you choose to use this convenient feature, make sure you take precautions to prevent someone from accessing an un-locked workstation and connecting to VirtualCenter using your credentials.
If you log into shared workstations make sure you log out when done. If you do not all someone has to do is open a browser and access the default page on any ESX or VirtualCenter server to download and install the VMware nfrastructure Client on that workstation and they can log in to VirtualCenter as you and access anything you have access to.
Anytime you leave your workstation make sure you lock it, you can make a shortcut for doing this in one mouse click or use the Windows and L keystroke combination. Also make sure you have your workstation set to automatically lock at a minimum of 15 minutes of idle time as protection in case you forgot to lock it when you walk away.
For more information on this feature including hot to change the default Security Support Provider Interface (SSPI) that is used see VMware KB article #1006611.
 Comment on this Post