Connecting VMware ESXi to a Directory Service

You can use PowerBroker Identity Services Enterprise Edition to connect a VMware ESXi 4.1 hypervisor to a directory service -- Microsoft Active Directory. Since Likewise is included with VMware ESXi 4.1, you do not need to install Likewise on the host. Connecting VMware ESXi hosts to Active Directory can help secure them, limit access to Active Directory users and groups, and unify management of your hypervisors.

The following procedure assumes that you have set up an Active Directory domain, DNS servers, and other aspects of your network in a way that allows the VMware ESXi host to communicate with the Active Directory domain controllers. In particular, make sure that the following prerequisites are in place:

  • Make sure the host name of ESXi is fully qualified with the AD domain name.
  • Synchronize the time on the ESXi host with that of the AD domain controllers.
  • Make sure that the DNS servers you set up for the host can resolve the host names of the Active Directory domain controllers.

See your vSphere Client documentation for information on how to use the DNS and Routing Configuration dialog box to modify the host name and the DNS server for the host. You might also want to read the VMware ESXi Configuration Guide, especially the sections on how to configure a host to use a directory service and how to add a host to a directory domain.

Once your network and your VMware ESXi host are configured to communicate with Active Directory, you are ready to join an ESXi host to the domain.

1. Make sure the vSphere Client is connected to a vCenter Server system or to the host.
2. Select a host in the vSphere Client inventory and click the Configuration tab.
3. Under Software, select Authentication Services and click Properties.
4. In the Directory Services Configuration dialog box, select the type of authentication -- Active Directory -- from the drop-down menu. Enter a domain in the form of the domain name (for example, likewisedemo.com) to create an account under the default container or enter a path to an organizational unit in the form of name.tld/container/path (for example, likewisedemo.com/engineering/servers) to create an account in the organizational unit that you want.
5. Click Join Domain.
6. Enter the user name and password of an Active Directory user who has permissions to join the host to the domain and click OK. (For information about permissions, see the Microsoft documentation for Active Directory.)
7. Click OK to close the Directory Services Configuration dialog box.

You can now log on to the host by using an Active Directory domain account that has permissions to access the host and is within the scope of the AD container to which you joined it.
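The three prerequisites listed above and the domain value entered in step 4 can be checked from an admin workstation before you click Join Domain. The following is an added example, not VMware or Likewise code: the function names, the host and domain controller names, and the five-minute clock tolerance (the usual Kerberos default in Active Directory) are assumptions.

```python
# Added example: pre-join checks for an ESXi host (not vendor code).
import socket
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # assumption: default Kerberos clock tolerance

def parse_join_target(target):
    """Split 'name.tld' or 'name.tld/container/path' into (domain, OU parts)."""
    domain, _, path = target.strip().strip("/").partition("/")
    if "." not in domain.strip("."):
        raise ValueError(f"not a DNS domain name: {domain!r}")
    return domain.lower(), [p for p in path.split("/") if p]

def host_in_domain(host_fqdn, domain):
    """True if the host name is fully qualified with the AD domain name."""
    host = host_fqdn.lower().rstrip(".")
    return host.endswith("." + domain.lower()) and len(host) > len(domain) + 1

def skew_ok(host_time, dc_time, limit=MAX_SKEW):
    """True if the host clock is within the tolerance of the DC clock."""
    return abs(host_time - dc_time) <= limit

def unresolved(names, resolver=socket.getaddrinfo):
    """Return the domain controller names the configured DNS cannot resolve."""
    failed = []
    for name in names:
        try:
            resolver(name, 389)  # 389 = LDAP; only name resolution matters here
        except OSError:          # socket.gaierror is a subclass of OSError
            failed.append(name)
    return failed

def preflight(target, host_fqdn, dcs, host_time, dc_time, resolver=socket.getaddrinfo):
    """Return (domain, OU parts, list of problems); an empty list means ready."""
    domain, ou = parse_join_target(target)
    problems = []
    if not host_in_domain(host_fqdn, domain):
        problems.append(f"host name {host_fqdn} is not qualified with {domain}")
    if not skew_ok(host_time, dc_time):
        problems.append(f"clock differs from DC by {abs(host_time - dc_time)}")
    problems += [f"cannot resolve {n}" for n in unresolved(dcs, resolver)]
    return domain, ou, problems

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Constructed sample values; replace with your own host, DCs and clock readings.
    print(preflight("likewisedemo.com/engineering/servers", "esx01.likewisedemo.com",
                    ["dc01.likewisedemo.com"], now, now - timedelta(seconds=40)))
```

Pass the ESXi host's clock reading and a domain controller's clock reading as the two time arguments; any reported problem should be fixed before the join, since each maps to one prerequisite.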
