Set Up VMware Authentication

Create VMware records to perform authenticated mapping and scanning of VMware vSphere components running VMware ESXi 4.x, 5.x and 6.x, and ESX 3.5 and above. VMware authentication is supported for maps, vulnerability scans and compliance scans. For authenticated maps, the discovery includes only ESXi hosts and the map results identify detected ESXi servers and their guest systems.

Want to launch scans on ESXi hosts using vCenter?

Under Login Credentials, choose the "Use vCenter" option. Under IPs, enter your ESXi IP addresses. You'll also need a vCenter authentication record with the vCenter IP addresses that map to your ESXi hosts.

Click here for complete steps >>

Credentials to use

You'll need to provide a service credential with at least Read-Only access to your ESXi hosts. Certain additional privileges are also required.

Learn more >>

Authenticated maps

If you run a map using VMware authentication, we'll use a vSphere API call to retrieve a list of virtual guest hosts residing on a VMware server. Only running virtual guests will be enumerated by the vSphere API and shown in your map results. Note only virtual guests that have VMware Tools installed appear in map results.

Communications with VMware

We establish communication against the vSphere API/VI API (port 443 by default) which is provided by each ESXi host. The vSphere API is a SOAP API used by all vSphere components. Note this is the same API which the VI Client uses to communicate with ESXi hosts. Routing and firewalls between scanner appliances and this API must allow this communication.

Help with the record settings

What do I enter in the Username field?

What do I enter in the Hosts field?

Tell me about certificate validation options

Tell me about the Port setting

Want to access the account password from your password vault?

Which IPs should I add to my record?

Important Notes for Unit Managers

Learn more

Why use host authentication | VMware Auth PDF Icon