Using OME to monitor ESXi5 hosts in secure environments. Is root required ,etc..
When using OME to monitor ESXi5 ( after installing the OMSA VIB)
The general question is this--- How is authentication handled?
Many companies do not allow root access to ESXi hosts, and many also have a no local account policy.
Is a local ESXi account required?
Can a non root account be used?
Can an active directory account be used if the host is joined to a domain?
Can authentication flow through virtual center? - If it can does it matter if some of the hosts will be monitored by OME and other hosts monitored by their respective Vendor hardware monitoring solutions?
If an account is needed is there a procedure in OME to follow when the password changes?
Re: Using OME to monitor ESXi5 hosts in secure environments. Is root required ,etc..
Thanks for your post.
OME does need the credentials for an accout on the ESXi host to communicate and gather the discovery/inventory/health information. The account doesn't have to have root privileges. It can be a read-only accout on the ESXi host.
OME does not do authentication through virtual center. It directly talks to the ESXi host to get the information. You can manage some hosts through OME and others through other vendors monitoring solution.
If the password changes for an account which is used for discovery/inventory, you can edit the discovery range for those hosts and update the password in OME discovery wizard.