To establish a connection between the PowerShell plug-in and Windows PowerShell, you must configure WinRM to use one of the supported communication protocols.
The PowerShell plug-in supports Windows Remote Management (WinRM) 2.0 as a management protocol.
| Authentication method | Details |
|---|---|
| Basic | Non-secure authentication mechanism that requires a user name and a password. |
| Kerberos | Secure authentication protocol that uses tickets to verify the identity of the client and the server. |
WinRM Through HTTP
The PowerShell plug-in supports communication with the WinRM host through the HTTP protocol. Although WinRM authenticates the communication, the data transfer is not encrypted and is sent as plain text on the network. You should use the HTTP protocol if IPSec is configured between the machines that communicate.
To use Basic authentication, you must set the AllowUnencrypted property to true in both the service and client WinRM configuration. For an example of HTTP configuration, see Configure WinRM to Use HTTP.
WinRM Through HTTPS
The PowerShell plug-in supports communication with the WinRM host through the HTTPS protocol. You can use the HTTPS protocol as a more secure communication method.
To use the HTTPS protocol, you must generate a certificate for server authentication and install the certificate on the WinRM host. For an example of HTTPS configuration, see Configure WinRM to use HTTPS.
Kerberos authentication
You can use Kerberos authentication when you add and manage a PowerShell host. With Kerberos authentication, domain users can run commands on remote PowerShell-enabled machines over WinRM.
winrm quickconfig
winrm set winrm/config/service/auth '@{Kerberos="true"}'
winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"}
For more information, see Configure Kerberos authentication for vRealize Orchestrator plug-ins.
