vCenter Server Connections
Every vCenter Server client application must
connect to the server and pass user account credentials to authenticate to the
server. After the connection has been established, the client application can
use vSphere services to access the virtual environment.
vSphere uses SSL certificates, HTTP tokens, and
vCenter Single Sign-On tokens to authenticate a client and support a persistent
connection between the client and vCenter Server. The following table provides
an overview of these elements.
Security Element | Description |
---|---|
SSL certificates | vSphere Servers use standard X.509 version 3 (X.509v3) certificates to encrypt session information sent over Secure Sockets Layer (SSL) protocol connections. In a production environment, client applications verify the vSphere Server certificate during the connection sequence. The examples in this chapter and the examples in the vSphere Web Services SDK accept all certificates. |
HTTP tokens | A vSphere Server uses an HTTP token to identify a client session. The Server provides the HTTP token in its response to a client connection request. Subsequent messages between the client and the Server include the HTTP token in the HTTP header. |
Client authentication: vCenter Single Sign-On token | vSphere supports vCenter Single Sign-On. A vCenter client can obtain a vCenter Single Sign-On token from a vCenter Single Sign-On Server and use that token to log in to a vCenter Server. |
Client authentication: username/password | Username/password authentication for client-server connections. A client can present user credentials either directly to vCenter Server to establish a session, or to the vCenter Single Sign-On Service in exchange for a SAML token. |
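
The SSL certificates row above contrasts SDK examples that accept all certificates with production clients that verify the server certificate. The following Python code is an added example, not taken from the vSphere Web Services SDK, showing both settings side by side; the function names, the `ca_file` parameter and the optional thumbprint comparison are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def insecure_context():
    """'Accept all certificates': no chain or host name checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context(ca_file=None):
    """Production setting: validate the X.509 chain and the host name."""
    # ca_file (assumed parameter): PEM bundle with the issuing CA;
    # None falls back to the system trust store.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def thumbprint(der_cert):
    """SHA-256 thumbprint of a DER-encoded certificate, colon-separated."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def thumbprint_matches(der_cert, expected):
    """Compare against a thumbprint recorded out of band (assumed extra check)."""
    wanted = expected.replace(":", "").replace(" ", "").upper()
    return hmac.compare_digest(thumbprint(der_cert).replace(":", ""), wanted)


def connect_verified(host, expected_thumbprint=None, ca_file=None, port=443):
    """Open a TLS connection that fails closed on any certificate problem."""
    sock = socket.create_connection((host, port), timeout=10)
    try:
        tls = verifying_context(ca_file).wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if expected_thumbprint and not thumbprint_matches(der, expected_thumbprint):
        tls.close()
        raise ssl.SSLError("server certificate thumbprint mismatch")
    return tls
```

The context returned by `verifying_context` can be handed to whichever HTTPS or SOAP client library the application uses, so that credentials and session tokens are only sent after the server certificate has been validated.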