Install vSphere Authentication Proxy to enable ESXi hosts to join a domain without using Active Directory credentials. vSphere Authentication Proxy enhances security for PXE-booted hosts and hosts that are provisioned using Auto Deploy, by removing the need to store Active Directory credentials in the host configuration.
Before you begin
Install vSphere Auto Deploy. See Install or Upgrade vSphere Auto Deploy.
Verify that you have administrator privileges.
Verify that the host machine has Windows Installer 3.0 or later.
Verify that the host machine has a supported processor. vSphere Authentication Proxy supports the same processors as vCenter Server. See Hardware Requirements for vCenter Server, the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On.
Verify that the host machine has Windows Server 2008 R2. Because of an issue with IIS 8.x, you cannot install vSphere Authentication Proxy on Windows Server 2012.
Verify that the host machine has a valid IPv4 address. You can install vSphere Authentication Proxy on a machine in an IPv4-only or IPv4/IPv6 mixed-mode network environment, but you cannot install vSphere Authentication Proxy on a machine in an IPv6-only environment.
If you are installing vSphere Authentication Proxy on a Windows Server 2008 R2 host machine, download and install the Windows hotfix described in Windows KB Article 981506 on the support.microsoft.com Web site. If this hotfix is not installed, the vSphere Authentication Proxy Adapter fails to initialize. This problem is accompanied by error messages in camadapter.log similar to Failed to bind CAM website with CTL and Failed to initialize CAMAdapter.
Gather the following information to complete the installation or upgrade:
The location to install vSphere Authentication Proxy, if you are not using the default location.
The address and credentials for the vCenter Server that vSphere Authentication Proxy will connect to: IP address or name, HTTP port, user name, and password.
The host name or IP address to identify vSphere Authentication Proxy on the network.
About this task
If an earlier version of the vSphere Authentication Proxy is installed on your system, this procedure upgrades the vSphere Authentication Proxy to the current version.
You can install vSphere Authentication Proxy on the same machine as the associated vCenter Server, or on a different machine that has network connection to the vCenter Server. The vSphere Authentication Proxy is not supported with vCenter Server versions earlier than version 5.0.
The vSphere Authentication Proxy service binds to an IPv4 address for communication with vCenter Server, and does not support IPv6. The vCenter Server can be on a host machine in an IPv4-only, IPv4/IPv6 mixed-mode, or IPv6-only network environment, but the machine that connects to the vCenter Server through the vSphere Web Client must have an IPv4 address for the vSphere Authentication Proxy service to work.
- On the host machine where you will install the vSphere Authentication Proxy service, install the .NET Framework 3.5.
- Install vSphere Auto Deploy.
You do not have to install Auto Deploy on the same host machine as the vSphere Authentication Proxy service.
- Add the host machine where you will install the authentication proxy service to the domain.
- Use the Domain Administrator account to log in to the host machine.
- In the software installer directory, double-click the autorun.exe file to start the installer.
- Select vSphere Authentication Proxy and click Install.
- Follow the wizard prompts to complete the installation or upgrade.
During installation, the authentication service registers with the vCenter Server instance where Auto Deploy is registered.
When you install the vSphere Authentication Proxy service, the installer creates a domain account with appropriate privileges to run the authentication proxy service. The account name begins with the prefix CAM- and has a 32-character, randomly generated password associated with it. The password is set to never expire. Do not change the account settings.
What to do next
Configure ESXi to use vSphere Authentication Proxy to join a domain. See the vSphere Security documentation.