You can configure multiple virtual machines to use a virtual shared smart card reader for smart card authentication. The smart card reader must be connected to a client computer on which the vSphere Client runs. All smart card readers are treated as USB devices.

A license is required for the shared smart card feature. See vCenter Server and Host Management.

When you log out of Windows XP guest operating systems, to log back in, you must remove the smart card from the smart card reader and re-add it. You can also disconnect the shared smart card reader and reconnect it.

If the vSphere Client disconnects from the vCenter Server or host, or if the client computer is restarted or shut down, the smart card connection breaks. For this reason, it is best to have a dedicated client computer for smart card use.

To connect a USB smart card reader that is not shared, see USB Configuration from a Client Computer to a Virtual Machine.


  • Verify that the smart card reader is connected to the client computer.
  • Verify that the virtual machine is powered on.
  • Verify that a USB controller is present.
  • Required Privilege: Virtual machine.Configuration.Add or remove device


  1. Navigate to a datacenter, folder, cluster, resource pool, host, or vApp, and click the Related Options tab and click Virtual Machines.
  2. Select a virtual machine, click it again, and click the Summary tab.
  3. Click the USB icon on the right side of USB Devices under VM Hardware, and select an available shared smart card reader from the drop down menu.
    Select a device that appears as Shared the model name of your smart card reader followed by a number.
    A Connecting label and a spinner appear showing that a connection is in progress. When the device has successfully connected and the Summary tab refreshes, the device is connected and the device name appears next to USB Devices.


You can now use smart card authentication to log in to virtual machines in the vSphere Client inventory.