Set Up vCenter Authentication
Create vCenter records to perform authenticated mapping and scanning of your ESXi hosts through vCenter. To get started, go to Scans > Authentication > New > VMware > vCenter.
Before you scan the ESXi assets, you need to authenticate with the vCenter credentials in the vCenter record and identify ESXi hosts managed by the vCenter through mappings.
Which technologies are supported?
For the most current list of supported authentication technologies and the versions that have been certified for VM and PA by record type, please refer to the following article:
Authentication Technologies Matrix
Login credentials
You'll need a vCenter account with at least Read-Only access to your ESXi hosts. Certain additional privileges are also required.
vCenter IP addresses
Request a list of vCenter IP addresses from your VMware administrator and include those IPs in the vCenter record.
Do you have Tag Support enabled?
If your subscription has Tag Support for Authentication Records enabled, then you'll see additional options for specifying hosts using asset tags. Choose an asset type and then provide IPs or tags to the record. Your asset type options are: IPs/Ranges, IP Range in Tag Rule and Asset Tags.
For domain level authentication, you can only add assets when the domain type is NetBIOS, User-Selected IPs. The Assets section is disabled when the domain type is NetBIOS, Service-Selected IPs, or Active Directory.
Asset Type: IPs/Ranges
Use this option to add IP addresses/ranges to the record. Enter the IP addresses/ranges in the field provided.
Asset Type: IP Range in Tag Rule
Use this option to add tags that have IP address ranges defined in the tag rule. All IP addresses defined in the tag rule will be associated with the record, including IPs that don’t already have the tag assigned. Click Add Tag to pick tags to include or exclude. Note that only tags with the dynamic tag rule “IP Address in Range(s)” will be available in the tag selector.
Asset Type: Asset Tags
Use this option to add tags to the record for the assets you want included. IP addresses with the selected tags already assigned will be associated with the record. Click Add Tag to pick tags to include or exclude.
Learn more about tag support for authentication records
Target configuration
Update the settings to match your environment.
Communicating with VMware
We establish communication against the vSphere API/VI API (port 443 by default) which is provided by each vCenter host. The vSphere API is a SOAP API used by all vSphere components. Note this is the same API which the VI Client uses to communicate with vCenter hosts. Routing and firewalls between scanner appliances and this API must allow this communication.