Firstly we will need to download the vMA appliance (https://my.vmware.com/web/vmware/details?downloadGroup=VMA55P01&productId=408) and import the OVF file, configure the deployment settings and power on.
Before we start using the vMA we will look at configuring authentication and authorization to simplify the use of the vMA appliance.
Configuring Authentication and Authorization for the vMA
To simplify executing commands against a remote host you can join the vMA to an Active Directory domain. To join the vMA to the domain, invoke ‘domainjoin-cli’ with elevated privileges as below. Once the vMA appliance has been successfully configured to authenticate to the Active Directory domain you will be required to perform a reboot.
    domainjoin-cli join dean.local administrator
    Joining to AD Domain: dean.local
    With Computer DNS Name: localhost
    administrator@DEAN.LOCAL's password:
    Warning: System restart required
    Your system has been configured to authenticate to Active Directory for the first time. It is recommended that you restart your system to ensure that all applications recognize the new settings.
    SUCCESS
Now that we have enabled the vMA appliance for Active Directory authentication, we need to ensure that each ESXi host to be managed by the vMA appliance is also joined to the Active Directory domain, if it is not already.
This can be achieved by selecting ‘Manage > Authentication Services > Join Domain’ for each managed host using the Web Client.
Alternatively, I previously wrote an article on how to join multiple ESXi hosts to an Active Directory domain in the following post using PowerCLI – https://deangrant.wordpress.com/2014/07/29/powercli-joining-an-esxi-host-to-an-active-directory-domain/
Once the ESXi host has been joined to the domain you will need to configure permissions on each host for a domain user account or group. Now we will connect to the vMA and connect to one of the hosts to retrieve the list of physical network adapters as below.
    esxcfg-nics -l --server deanesxi1.dean.local --username root
    Enter password:
    Name    PCI      Driver  Link  Speed     Duplex  MAC Address        MTU   Description
    vmnic0  02:00.0  e1000   Up    1000Mbps  Full    00:50:56:81:64:c3  1500  Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
However, as we have configured Active Directory for both the vMA and each ESXi host, we can use the fastpass functionality so that user credentials do not need to be passed to each command. Fastpass stores the user credentials for future use; add each ESXi host with the command below.
    localhost:/home/vi-admin # vifp addserver deanesxi1.dean.local --authpolicy adauth
    Enter username for deanesxi1.dean.local: dean\deangrant
You can list the servers for which fastpass has been configured to confirm that each target ESXi host has been added.
    localhost:/home/vi-admin # vifp listservers
    deanesxi1.dean.local ESXi
Once fastpass is configured, you can connect to the target host and invoke your command without the need to enter user credentials, as below to retrieve the list of physical network adapters.
    vifptarget -s deanesxi1.dean.local
    [deanesxi1.dean.local]# vicfg-nics -l
    Name    PCI      Driver  Link  Speed     Duplex  MAC Address        MTU   Description
    vmnic0  02:00.0  e1000   Up    1000Mbps  Full    00:50:56:81:64:c3  1500  Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
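When more than a handful of hosts are managed, it helps to check the fastpass target list against an inventory before relying on it. The following is an added example, not part of the original post: it compares a target listing with the hosts expected to use Active Directory authentication and prints the `vifp addserver` command for any that are missing. It assumes `vifp listservers --long` prints the authentication policy as a third column; the sample listing and the hosts deanesxi2 and deanesxi3 are constructed.

```shell
#!/bin/sh
# Added example: audit vMA fastpass targets against an expected host list.
# Assumption: `vifp listservers --long` prints "<server> <type> <authpolicy>".

# Constructed sample listing (not captured from a real vMA).
SAMPLE_LISTING='deanesxi1.dean.local ESXi adauth
deanesxi2.dean.local ESXi fpauth'

# Constructed inventory of hosts that should be fastpass targets using adauth.
SAMPLE_EXPECTED='deanesxi1.dean.local
deanesxi2.dean.local
deanesxi3.dean.local'

# audit_fastpass LISTING EXPECTED
# Prints one line per expected host: "<host> OK", "<host> MISSING" or
# "<host> WRONG_POLICY(<policy>)". Host names are compared case-insensitively.
audit_fastpass() {
    af_listing=$1
    af_expected=$2
    printf '%s\n' "$af_expected" | while IFS= read -r af_host; do
        [ -n "$af_host" ] || continue
        # Policy column for this host; "unknown" if the listing lacks it
        # (for example when --long was not used).
        af_policy=$(printf '%s\n' "$af_listing" | awk -v h="$af_host" \
            'tolower($1) == tolower(h) { print ($3 == "" ? "unknown" : $3); exit }')
        case "$af_policy" in
            adauth) echo "$af_host OK" ;;
            "")     echo "$af_host MISSING" ;;
            *)      echo "$af_host WRONG_POLICY($af_policy)" ;;
        esac
    done
}

# remediation_commands LISTING EXPECTED
# Prints the addserver command (same form as used in the post) for each
# missing host. Hosts with another policy are only reported, for manual review.
remediation_commands() {
    audit_fastpass "$1" "$2" |
        awk '$2 == "MISSING" { print "vifp addserver " $1 " --authpolicy adauth" }'
}

# Demo on the constructed data. On a vMA, pass the live listing instead:
#   audit_fastpass "$(vifp listservers --long)" "$(cat expected-hosts.txt)"
audit_fastpass "$SAMPLE_LISTING" "$SAMPLE_EXPECTED"
remediation_commands "$SAMPLE_LISTING" "$SAMPLE_EXPECTED"
```

The file name expected-hosts.txt in the closing comment is hypothetical; any newline-separated list of host names works.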