Connecting to VMWare

The EmpowerID VMWare connector allows organizations to inventory and manage the Virtual Machines, ESX servers and templates hosted in their VMWare VCenters. These management actions include the following:

  • Start - This action powers on or awakens any targeted machines currently powered off or in a suspended state and marks those machines as running.
  • Stop - This action powers off any targeted machines currently running and marks those machines as stopped.
  • Reboot - This actions reboots the guest OS on any targeted machines. The targeted machines must be running for this action to have effect.
  • Shutdown - This action shuts down the guest OS on any targeted machines. The targeted machines must be running for this action to have effect.
  • Suspend - This action suspends any targeted machines. The targeted machines must be running for this action to have effect.
  • Unregister - This action removes the virtual machine from EmpowerID's inventory. The targeted machine must be powered off for this action to have effect. If the machine is running, an exception occurs.
  • Reset - This action resets power on any targeted machines. The targeted machines must be running in an unsuspended state for this action to have effect.
  • Create Snapshot - This action creates a new snapshot of any targeted machines.
  • Revert Virtual Machine to Current Snapshot - This action reverts any targeted machines to the most current snapshot. The targeted machine must have a current snapshot for this action to have effect. If the machine does not have a current snapshot, an exception occurs.
EmpowerID store a record for each inventoried VCenter instance in the Computer table of the EmpowerID Identity Warehouse.
Prerequisites: In order to connect EmpowerID to VMWare, you need to provide EmpowerID with the following information:

  • The username and password of the VCenter administrator account
  • The VCenter Server name

These values are used by EmpowerID to inventory and manage the machines in your VCenter.

Additionally, for EmpowerID to successfully inventory your VMWare Center, you need to import the VMWare certificate to the Personal and Trusted Root Authorities certificate stores on your EmpowerID server. If you do not, a "Could not create SSL/TLS secure channel" error will occur.

To connect EmpowerID to VMWare

  1. Log in to the EmpowerID Management Console as an administrator.
  2. From the EmpowerID Management Console, click the EmpowerID icon, and select Configuration Manager from the menu.
  3. In Configuration Manager, expand the User Directories node in the navigation tree, and then click Account Stores.
  4. Click the Add New button above the grid.
  5. In the Add New Security Boundary window that opens, select the VMWare VCenter Security Boundary type from the drop-down list and then click OK.
  6. In the Account Store Details window that appears, do the following:
    1. Type a name for the connector in the Account Store Name field.
    2. Type the administrative user in the User Name field.
    3. Type the password for the administrative user in the Password field.
    4. Type name of the VCenter server to which you want to connect in the Server Name field.
    5. Click Save.
  7. Back in the main screen of Configuration Manager, locate the record for the VMWare account store you just created and either double-click it or right-click it and select Edit from the context menu.
  8. From the Inventory pane of the the Account Store Details screen that appears, enable EmpowerID to inventory your VCenter by toggling the Enable Inventory button from a red sphere to a green check.
After EmpowerID inventories your VCenter, you can manage the virtual machines in that VCenter. For more information, see Managing VMWare VCenter Instances.
In EmpowerID, all resources belong to a location, which is a container that can be used for managing access to resources. For VMWare, the default path to this location is Anywhere/Default Organization/All IT Systems/VMWare/TheNameOfTheAccountStore. All virtual machines belonging to the ESX host belong to the location of that host. Thus in the above example, the ESX host and all machines on the host are assigned to the Anywhere/Default Organization/All IT Systems/VMWare/Corp_VMWare location.