6.5.1
Table Of Contents
- vCenter Server Appliance Configuration
- Contents
- About vCenter Server Appliance Configuration
- Updated Information
- vCenter Server Appliance Overview
- Using the Appliance Management Interface to Configure the vCenter Server Appliance
- Log In to the vCenter Server Appliance Management Interface
- View the vCenter Server Appliance Health Status
- Reboot or Shut Down the vCenter Server Appliance
- Export a Support Bundle
- Enable or Disable SSH and Bash Shell Access
- Configure the DNS, IP Address, and Proxy Settings
- Configure the System Time Zone and Time Synchronization Settings
- Change the Password and Password Expiration Settings of the Root User
- Redirect vCenter Server Appliance Log Files to Another Machine
- Monitor Network Use
- Monitor CPU and Memory Use
- Monitor Database Use
- Using the vSphere Web Client to Configure the vCenter Server Appliance
- Join the vCenter Server Appliance to an Active Directory Domain
- Leave an Active Directory Domain
- Add a User to the SystemConfiguration.BashShellAdministrators Group
- Edit Access Settings to the vCenter Server Appliance
- Edit the DNS and IP Address Settings of the vCenter Server Appliance
- Edit the Firewall Settings of the vCenter Server Appliance
- Edit the Startup Settings of a Service
- Start, Stop, or Restart Services in the vCenter Server Appliance
- View the Health Status of Services and Nodes
- Edit the Settings of Services
- Export a Support Bundle
- Using the Appliance Shell to Configure the vCenter Server Appliance
- Access the Appliance Shell
- Enable and Access the Bash Shell from the Appliance Shell
- Keyboard Shortcuts for Editing Commands
- Get Help About the Plug-Ins and API Commands in the Appliance
- Plug-Ins in the vCenter Server Appliance Shell
- Browse the Log Files By Using the showlog Plug-In
- API Commands in the vCenter Server Appliance Shell
- Configuring SNMP for the vCenter Server Appliance
- Configuring Time Synchronization Settings in the vCenter Server Appliance
- Managing Local User Accounts in the vCenter Server Appliance
- User Roles in the vCenter Server Appliance
- Get a List of the Local User Accounts in the vCenter Server Appliance
- Create a Local User Account in the vCenter Server Appliance
- Update the Password of a Local User in the vCenter Server Appliance
- Update a Local User Account in the vCenter Server Appliance
- Delete a Local User Account in the vCenter Server Appliance
- Monitor Health Status and Statistics in the vCenter Server Appliance
- Using the vimtop Plug-In to Monitor the Resource Use of Services
- Using the Direct Console User Interface to Configure the vCenter Server Appliance
- Log In to the Direct Console User Interface
- Change the Password of the Root User
- Configure the Management Network of the vCenter Server Appliance
- Restart the Management Network of the vCenter Server Appliance
- Enable Access to the Appliance Bash Shell
- Access the Appliance Bash Shell for Troubleshooting
- Export a vCenter Server Support Bundle for Troubleshooting
- Index
12 Select Active Directory (Integrated Windows Authentication), enter the identity source seings of the
joined Active Directory domain, and click OK.
Table 3‑1. Add Identity Source Settings
Text Box Description
Domain name FDQN of the domain. Do not provide an IP address in
this text box.
Use machine account Select this option to use the local machine account as the
SPN. When you select this option, you specify only the
domain name. Do not select this option if you expect to
rename this machine.
Use Service Principal Name (SPN) Select this option if you expect to rename the local
machine. You must specify an SPN, a user who can
authenticate with the identity source, and a password for
the user.
Service Principal Name (SPN) SPN that helps Kerberos to identify the Active Directory
service. Include the domain in the name, for example,
STS/example.com.
You might have to run setspn -S to add the user you
want to use. See the Microsoft documentation for
information on setspn.
The SPN must be unique across the domain. Running
setspn -S checks that no duplicate is created.
User Principal Name (UPN) Name of a user who can authenticate with this identity
source. Use the email address format, for example,
jchin@mydomain.com. You can verify the User Principal
Name with the Active Directory Service Interfaces Editor
(ADSI Edit).
Password Password for the user who is used to authenticate with
this identity source, which is the user who is specied in
User Principal Name. Include the domain name, for
example, jdoe@example.com.
On the Identity Sources tab, you can see the joined Active Directory domain.
What to do next
You can congure permissions for users and groups from the joined Active Directory domain to access the
vCenter Server components. For information about managing permissions, see the vSphere Security
documentation.
Leave an Active Directory Domain
After you joined the vCenter Server Appliance, you can log in to the vSphere Web Client and set up the
vCenter Server Appliance to leave the Active Directory domain.
Prerequisites
Verify that the user who logs in to the vCenter Server instance in the vCenter Server Appliance is a member
of the SystemConguration.Administrators group in vCenter Single Sign-On.
Procedure
1 Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance
in the vCenter Server Appliance.
The address is of the type hp://appliance-IP-address-or-FQDN/vsphere-client.
Chapter 3 Using the vSphere Web Client to Configure the vCenter Server Appliance
VMware, Inc. 23