After you install the vSphere Authentication Proxy service (CAM service), you must configure the host to use the authentication proxy server to authenticate users.

Install the vSphere Authentication Proxy service (CAM service) on a host as described in Install the vSphere Authentication Proxy Service.

1

Use the IIS manager on the host to set up the DHCP range.

Setting the range allows hosts that are using DHCP in the management network to use the authentication proxy service.

Option

Action

For IIS 6

a

Browse to Computer Account Management Web Site.

b

Right-click the virtual directory CAM ISAPI.

c

Select Properties > Directory Security > Edit IP Address and Domain Name Restrictions > Add Group of Computers.

For IIS 7

a

Browse to Computer Account Management Web Site.

b

Click the CAM ISAPI virtual directory in the left pane and open IPv4 Address and Domain Restrictions.

c

Select Add Allow Entry > IPv4 Address Range.

2

If a host is not provisioned by Auto Deploy, change the default SSL certificate to a self-signed certificate or to a certificate signed by a commercial certificate authority (CA).

Option

Description

Self-signed certificate

If you replace the default certificate with a self-signed certificate, add the host to vCenter Server so that the authentication proxy server will trust the host.

CA-signed certificate

Add the CA-signed certificate (Windows format only) to the local trust certificate store on the system where the authentication proxy service is installed and restart the vSphere Authentication Proxy Adapter service.

For Windows 2003, copy the certificate file to C:\Documents and Settings\All Users\Application Data\VMware\vSphere Authentication Proxy\trust.

For Windows 2008, copy the certificate file to C:\Program Data\VMware\vSphere Authentication Proxy\trust.