- How to use VMware vSAN ReadyNode Configurator - Fri, Dec 17 2021
- VMware Tanzu Kubernetes Toolkit version 1.3 new features - Fri, Dec 10 2021
- Disaster recovery strategies for vCenter Server appliance VM - Fri, Nov 26 2021
The previous releases of this plug-in had more functions and features, but VMware striped this down to keep just two major functions: Windows authentication and the ability to use smart cards in your environment.
Now, with vSphere 7.0, this plug-in still provides integrated Windows authentication and smart card functionality for Windows-based systems only. If you want to use one or both of those functions, you will have to install the plug-in.
If you don't use integrated Windows authentication, which means that you'll have to type in the user name and password every time you login, and your organization does not use smart cards, then you can simply ignore the installation.
Note: If you have upgraded your environment and you still have the Client Integration plug-in from vSphere 6.0, you can keep it along with the Enhanced Authentication Plug-in (EAP). You'll be able to use both without conflicts.
Additional considerations
If you're using Microsoft Active Directory Federation Services with vSphere 7.0, the EAP is used only in a particular use case in which vCenter Server is the identity provider. This means that you configure Microsoft Active Directory (AD) over LDAP or Integrated Windows Authentication, or OpenLDAP.
The installation is simple. When you connect to your vCenter Server, look at the lower left of your connection window and you'll see a link to download and install the plug-in.
Note: This link is a public internet link, so that you'll be downloading this file directly from VMware. Here is the exact link available from the vSphere Web client (executable).
Make sure that you're using one of the supported browsers and versions. If you use Microsoft Internet Explorer, disable Protected Mode and enable pop-up windows before installation; otherwise, the plug-in won't fully install.
If the browser blocks the installation by issuing certificate errors or running a pop-up blocker, you'll need to follow the browser's help instructions in order to resolve the problem.
Since vSphere 7.0 no longer relies on Adobe Flash, all major modern browsers supporting HTML5 are basically supported. These include Microsoft Edge, Internet Explorer (not really modern), Google Chrome, and Safari. In the lab, I also tested Opera and Brave without issues.
However, there is an issue with Firefox version 54 and higher. As this browser uses secure web sockets, the certificate for the site needs to be trusted. Firefox does not allow importing self-signed certificates into a Certificate Authorities store. If you would like to use Firefox, you might want to consider checking VMware KB70914 for the latest resolution.
Download VMware Enhanced Authentication Plug in
After downloading, simply execute the file to install it on your Windows management workstation.
What a surprise to see that when you run vSphere 7.0 in the lab, the version of the Enhanced Authentication Plug-in that is downloaded is actually version 6.7! It seems either VMware hasn't improved or enhanced this plug-in since vSphere 6.7, or there is no new functionality needed.
Note that you still have to install two plug-ins, one after the other.
Still two plug-ins to install
When Windows installer finishes the installation, you'll have to restart your browser.
VMware Authentication Plug-in install
There is no MSI package available from VMware, so if you want to deploy this on a large number of workstations, you'll have to seek a solution. There might be a way to create an MSI from the EXE; however, the first installer triggers the second installer, so this is another difficulty.
It is possible to execute silent installation and to trigger the installer via a script. In this case, you'll need to use some command line switches for this Windows installer and do some testing. The details of this kind of installation are outside the scope of this post.
Conclusion
The vSphere Enhanced Authentication Plug-in is not a mandatory plug-in to install. However, if you want to use integrated Windows authentication and smart card functionality, you have to install it on your workstation.
You don't absolutely need it if you don't use smart cards or are willing to use Windows authentication. It might just increase your burden if the latest browser you're using is not supported yet.
Subscribe to 4sysops newsletter!
In the past, the plug-in had more features and possibilities, such as the OVF tool, remote devices, file upload/download, content library, client-side logging, and config. But those are no longer present. VMware clearly moved most of its functionality to the server side, so those functionalities are now part of vCenter Server.
