Authentication and Authorization for ESXi and vCenter Server

Several server-side mechanisms authenticate a human user when a client application, such as the vSphere Client or a vSphere Web Services SDK application, connects to the server. Because ESXi uses Linux-based authentication, and vCenter Server ran on Windows, the two systems can use different approaches for handling user accounts. The following illustration shows two different user management mechanisms associated with the VMware vSphere server.

Managed Objects for Handling User Accounts

These services work together to ensure that only authenticated users can connect to ESXi or vCenter Server systems, and that they can access only those objects—folders, virtual machines, datacenters, virtual services, and so on—for which they have the required privileges and which they are authorized to use or to view.

In addition, the vSphere Web Services SDK supports automated login through a credential store. See Using the Credential Store for Automated Login.

Authentication and Authorization

ESXi User Model

vCenter Server User Model

vSphere Security Model

Setting Up Users, Groups, and Permissions

Content feedback and comments

VMware vSphere SDKs and Tools 8.0

Authentication and Authorization for ESXi and vCenter Server