A CIM client must authenticate before it can access data or perform operations on an ESXi host. The client can authenticate in one of the following ways.

• Directly with the CIMOM on the managed host by supplying a valid user name and password for an account that is defined on the managed host.
• With a sessionId that the CIMOM accepts in place of the user name and password. The sessionId (called a “ticket”) can be obtained by invoking the AcquireCimServicesTicket() method on VMware vCenter™ Server.

As a best practice, use CIM ticket authentication for servers managed by vCenter. If the managed host is operating in lockdown mode, the CIMOM does not accept new authentication requests from CIM clients. However, the CIMOM does continue to accept a valid ticket obtained from vCenter Server.

The ticket must be obtained by using the credentials of any user that has administrative privileges on vCenter Server. For more information about CIM ticket authentication, see the VMware technical note CIM Authentication for Lockdown Mode.