VMware Enhanced Authentication Plug-in—Why do we still need it with vSphere 7.0?

This little plug-in has existed since before vSphere 6.0. It has always been annoying for some users because of its bugs, but those have been ironed out. The vSphere 6.5 release replaced the Client Integration Plug-in with the Enhanced Authentication Plug-in.

The previous releases of this plug-in had more functions and features, but VMware stripped it down to keep just two major functions: Windows authentication and the ability to use smart cards in your environment.

Now, with vSphere 7.0, this plug-in still provides integrated Windows authentication and smart card functionality for Windows-based systems only. If you want to use one or both of those functions, you will have to install the plug-in.

If you don't use integrated Windows authentication, which means that you'll have to type in the user name and password every time you log in, and your organization does not use smart cards, then you can simply ignore the installation.

Note: If you have upgraded your environment and you still have the Client Integration plug-in from vSphere 6.0, you can keep it along with the Enhanced Authentication Plug-in (EAP). You'll be able to use both without conflicts.

Additional considerations

If you're using Microsoft Active Directory Federation Services with vSphere 7.0, the EAP is used only in the particular case in which vCenter Server is the identity provider. That is the case when the identity source you configure is Microsoft Active Directory (AD) over LDAP, Integrated Windows Authentication, or OpenLDAP.

The installation is simple. When you connect to your vCenter Server, look at the lower left of your connection window and you'll see a link to download and install the plug-in.

Note: This is a public internet link, so you'll be downloading the file directly from VMware. Here is the exact link available from the vSphere Web client (executable).

Make sure that you're using one of the supported browsers and versions. If you use Microsoft Internet Explorer, disable Protected Mode and enable pop-up windows before installation; otherwise, the plug-in won't fully install.

If the browser blocks the installation by issuing certificate errors or running a pop-up blocker, you'll need to follow the browser's help instructions in order to resolve the problem.

Since vSphere 7.0 no longer relies on Adobe Flash, all major modern browsers supporting HTML5 are basically supported. These include Microsoft Edge, Internet Explorer (not really modern), Google Chrome, and Safari. In the lab, I also tested Opera and Brave without issues.

However, there is an issue with Firefox version 54 and higher. As this browser uses secure web sockets, the certificate for the site needs to be trusted. Firefox does not allow importing self-signed certificates into a Certificate Authorities store. If you would like to use Firefox, you might want to consider checking VMware KB70914 for the latest resolution.

Download VMware Enhanced Authentication Plug in

After downloading, simply execute the file to install it on your Windows management workstation.

What a surprise to see that when you run vSphere 7.0 in the lab, the version of the Enhanced Authentication Plug-in that is downloaded is actually version 6.7! It seems either VMware hasn't improved or enhanced this plug-in since vSphere 6.7, or there is no new functionality needed.

Note that you still have to install two plug-ins, one after the other.

Still two plug-ins to install

When the Windows installer finishes the installation, you'll have to restart your browser.

VMware Authentication Plug-in install

There is no MSI package available from VMware, so if you want to deploy this on a large number of workstations, you'll have to seek a solution. There might be a way to create an MSI from the EXE; however, the first installer triggers the second installer, so this is another difficulty.

It is possible to execute silent installation and to trigger the installer via a script. In this case, you'll need to use some command line switches for this Windows installer and do some testing. The details of this kind of installation are outside the scope of this post.

Conclusion

The vSphere Enhanced Authentication Plug-in is not a mandatory plug-in to install. However, if you want to use integrated Windows authentication and smart card functionality, you have to install it on your workstation.

You don't absolutely need it if you don't use smart cards and are willing to type in your credentials instead of using integrated Windows authentication. It might just increase your burden if the latest browser you're using is not supported yet.

In the past, the plug-in had more features and possibilities, such as the OVF tool, remote devices, file upload/download, content library, client-side logging, and config. But those are no longer present. VMware clearly moved most of its functionality to the server side, so those functionalities are now part of vCenter Server.

© 4sysops 2006 - 2020