This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions of
this document, see http://www.vmware.com/support/pubs.
EN-002210-00
vSphere Single Host Management - VMware Host Client
You can find the most up-to-date technical documentation on the VMware Web site at:
hp://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About vSphere Single Host Management - VMware Host Client5
VMware Host Client Overview7
1
VMware Host Client System Requirements 7
Using the VMware Host Client 8
Host Management with the VMware Host Client11
2
Managing System Seings in the VMware Host Client 11
Managing Hosts in vCenter Server 21
Reboot or Shut Down an ESXi Host in the VMware Host Client 22
Using the ESXi Shell 23
Place a Host in Maintenance Mode in the VMware Host Client 24
Managing Permissions in the VMware Host Client 24
Generate a Support Bundle in the VMware Host Client 26
Monitoring an ESXi Host in the VMware Host Client 26
Lockdown Mode 28
Administering CPU Resources by Using the VMware Host Client 30
Virtual Machine Management with the VMware Host Client33
3
Creating a Virtual Machine in the VMware Host Client 33
Deploying a Virtual Machine from an OVF or OVA File in the VMware Host Client 37
Registering Existing Virtual Machines in the VMware Host Client 39
Using Consoles in the VMware Host Client 41
Managing a Guest Operating System in the VMware Host Client 42
Conguring a Virtual Machine in the VMware Host Client 46
Managing Virtual Machines in the VMware Host Client 71
Monitoring a Virtual Machine in the VMware Host Client 80
VMware, Inc.
Managing Storage in the VMware Host Client83
4
Working with Datastores in the VMware Host Client 83
Managing Storage Adapters in the VMware Host Client 95
Managing Storage Devices in the VMware Host Client 103
Monitoring Storage in the VMware Host Client 104
Performing Storage Refresh and Rescan Operations in the VMware Host Client 104
Networking in the VMware Host Client107
5
Managing Port Groups in the VMware Host Client 107
Managing Virtual Switches in the VMware Host Client 112
Managing Physical Network Adapters in the VMware Host Client 117
Managing VMkernel Network Adapters in the VMware Host Client 117
View TCP/IP Stack Conguration on a Host in the VMware Host Client 119
3
vSphere Single Host Management - VMware Host Client
Change the Conguration of a TCP/IP Stack on a Host in the VMware Host Client 120
Conguring ESXi Firewall in the VMware Host Client 120
Monitoring Networking Events and Tasks in the VMware Host Client 122
Index125
4 VMware, Inc.
About vSphere Single Host Management VMware Host Client
vSphere Single Host Management - VMware Host Client provides information about managing single hosts with
the VMware Host Client.
The VMware Host Client can be utilized to conduct emergency management when vCenter Server is
unavailable. You can use the VMware Host Client to perform administrative tasks and basic troubleshooting
tasks, as well as advanced administrative tasks.
Intended Audience
This information is intended for anyone who wants to use the VMware Host Client to manage single ESXi
hosts. The information is wrien for experienced Windows or Linux system administrators who are familiar
with virtual machine technology and datacenter operations.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For denitions
of terms as they are used in VMware technical documentation, go to
hp://www.vmware.com/support/pubs.
VMware, Inc.
5
vSphere Single Host Management - VMware Host Client
6 VMware, Inc.
VMware Host Client Overview1
The VMware Host Client is an HTML5-based client that is used to connect to and manage single ESXi hosts.
You can use the VMware Host Client to perform administrative and basic troubleshooting tasks, as well as
advanced administrative tasks on your target ESXi host. You can also use the VMware Host Client to
conduct emergency management when vCenter Server is not available.
It is important to know that the VMware Host Client is dierent from the vSphere Web Client, regardless of
their similar user interfaces. You use the vSphere Web Client to connect to vCenter Server and manage
multiple ESXi hosts, whereas you use the VMware Host Client to manage a single ESXi host.
VMware Host Client functions include, but are not limited to the following operations:
Basic virtualization operations, such as deploying and conguring virtual machines of various
n
complexity
Creating and managing networking and datastores
n
Advanced tuning of host level options to improve performance
n
This chapter includes the following topics:
“VMware Host Client System Requirements,” on page 7
n
“Using the VMware Host Client,” on page 8
n
VMware Host Client System Requirements
Make sure that your browser supports the VMware Host Client.
The following guest operating systems and Web browser versions are supported for the
VMware Host Client.
Table 1‑1. Supported Guest Operating Systems and Browser Versions for the VMware Host Client
Supported BrowsersMac OSWindowsLinux
Google Chrome25+25+25+
Mozilla Firefox20+15+15+
Internet ExplorerN/A10+N/A
Safari5.1+5.1+-
VMware, Inc. 7
vSphere Single Host Management - VMware Host Client
Using the VMware Host Client
The embedded VMware Host Client is an HTML5-based client that has a similar interface to the
vSphere Web Client but is only used to manage single ESXi hosts. You use the VMware Host Client to
conduct emergency management when vCenter Server is temporarily unavailable.
Start the VMware Host Client and Log In
You can use the VMware Host Client to manage single ESXi hosts and perform various administrative and
troubleshooting tasks on your virtual machines.
N The VMware Host Client only works for administrative users.
Procedure
1In a Web browser enter the target host name or IP address using the form http://host-name/ui or
http://host-IP-address/ui.
A log in screen appears.
2Enter your user name and your password.
3Click Login to continue.
4Review the VMware Customer Experience Improvement Program (CEIP) page and choose whether you
want to join the program.
To learn about the program and how to congure it at any time, see “Conguring Customer Experience
Improvement Program,” on page 9.
5Click OK.
You are now logged in to your target ESXi host.
Log Out of the VMware Host Client
When you no longer need to view or manage your target ESXi host, log out of the VMware Host Client.
N Closing a VMware Host Client session does not stop the host.
Procedure
To log out of the ESXi host, click the user name at the top of the VMware Host Client window and select
u
Log out from the drop-down menu.
You are now logged out of the VMware Host Client. Your target ESXi host continues to run all its
normal activities.
8 VMware, Inc.
Chapter 1 VMware Host Client Overview
Configuring Customer Experience Improvement Program
When you choose to participate in the Customer Experience Improvement Program (CEIP), VMware
receives anonymous information to improve the quality, reliability, and functionality of VMware products
and services.
Categories of Information That VMware Receives
This product participates in VMware's Customer Experience Improvement Program ("CEIP").
Details regarding the data collected through CEIP and the purposes for which it is used by VMware are set
forth at the Trust & Assurance Center at hp://www.vmware.com/trustvmware/ceip.html. To join or leave
the CEIP for this product, see “Leave and Rejoin the Customer Experience Improvement Program in the
VMware Host Client,” on page 9.
Leave and Rejoin the Customer Experience Improvement Program in the
VMware Host Client
You can choose to leave the Customer Experience Improvement Program (CEIP), or rejoin the CEIP at any
time.
Procedure
1To leave and rejoin the CEIP, click the user name at the top of the VMware Host Client page.
2Point to Client > Send usage statistics, to leave or rejoin the CEIP.
VMware, Inc. 9
vSphere Single Host Management - VMware Host Client
10 VMware, Inc.
Host Management with the
VMware Host Client2
With the VMware Host Client, you can manage single ESXi hosts during vCenter Server upgrades or when
vCenter Server stops responding or becomes unavailable.
The VMware Host Client has a crucial set of troubleshooting functions, which allow you to perform tasks on
the ESXi host that you are logged in to if vCenter Server is unavailable. These functions include but are not
limited to conguring advanced host seings, licensing, managing certicates, using the ESXi Shell,
enabling Lockdown mode, and so on.
This chapter includes the following topics:
“Managing System Seings in the VMware Host Client,” on page 11
n
“Managing Hosts in vCenter Server,” on page 21
n
“Reboot or Shut Down an ESXi Host in the VMware Host Client,” on page 22
n
“Using the ESXi Shell,” on page 23
n
“Place a Host in Maintenance Mode in the VMware Host Client,” on page 24
n
“Managing Permissions in the VMware Host Client,” on page 24
n
“Generate a Support Bundle in the VMware Host Client,” on page 26
n
“Monitoring an ESXi Host in the VMware Host Client,” on page 26
n
“Lockdown Mode,” on page 28
n
“Administering CPU Resources by Using the VMware Host Client,” on page 30
n
Managing System Settings in the VMware Host Client
With the VMware Host Client, you can manage advanced host seings, assign or remove licenses to your
host, congure start and stop policies for host services, and manage time and date conguration for the host.
Manage Advanced Settings in the VMware Host Client
You can change the seings of a host by using the VMware Host Client.
C Changing advanced options is considered unsupported unless VMware technical support or a KB
article instruct you to do so. In all other cases, changing these options is considered unsupported. In most
cases, the default seings produce the optimum result.
Procedure
1Click Manage in the VMware Host Client inventory and click Advanced .
VMware, Inc.
11
vSphere Single Host Management - VMware Host Client
2Right-click the appropriate item from the list and select Edit option from the drop-down menu.
The Edit option dialog box is displayed.
3Edit the value and click Save to apply your changes.
4(Optional) Right-click the appropriate item from the list and select Reset to default to go back to the
original seings of the item.
Change Autostart Configuration in the VMware Host Client
Congure autostart options for the ESXi host to set up when the host starts and stops.
Procedure
1Click Manage in the VMware Host Client inventory and click System.
2Click Autostart.
3Click Edit .
4Select Yes to enable changing the autostart conguration.
5Change the seings as appropriate and click Save.
Edit Time Configuration of an ESXi Host in the VMware Host Client
You can congure the time seings on a host manually, or you can synchronize the time and date of the host
by using an NTP server.
Procedure
1Click Manage in the VMware Host Client inventory and click Time & Date.
2Click Edit .
3Select an option for seing the time and date of the host.
OptionDescription
Manually configure the date and
time on this host
Use Network Time Protocol (Enable
NTP client)
Set the time and date for the host manually.
Synchronize the time and date of the host with an NTP server. The NTP
service on the host periodically takes the time and date from the NTP
server.
aIn the NTP Servers text box, type the IP addresses or host names of the
NTP servers that you want to use.
b From the NTP Service Startup Policy drop-down list, select an option
for starting and stopping the NTP service on the host.
Start and stop with port usage - Starts or stops the NTP service
n
when the NTP client port is enabled or disabled for access in the
security prole of the host .
Start and stop with host - Starts and stops the NTP service when
n
the host powers on or shuts down.
Start and stop manually - Enables manual starting and stopping
n
of the NTP service.
You can use the Start, Stop, or Restartbuons to control the status of the
NTP service on the host manually at any time regardless of the selected
startup policy for the NTP service. If you select the Start and stopmanually policy, the status of the NTP service only changes when you use
the UI controls. .
4Click Save .
12 VMware, Inc.
Chapter 2 Host Management with the VMware Host Client
Managing Hardware for an ESXi Host by Using the VMware Host Client
When you log in to an ESXi host by using the VMware Host Client, you can manage PCI devices and
congure power management seings.
Host Power Management Policies
You can apply several power management features in ESXi that the host hardware provides to adjust the
balance between performance and power. You can control how ESXi uses these features by selecting a power
management policy.
Selecting a high-performance policy provides more absolute performance, but at lower eciency and
performance per wa. Low-power policies provide less absolute performance, but at higher eciency.
ESXi provides ve power management policies. If the host does not support power management, or if the
BIOS seings specify that the host operating system is not allowed to manage power, only the Not
Supported policy is available.
You can select a policy for the host that you manage by using the VMware Host Client. If you do not select a
policy, ESXi uses Balanced by default.
Table 2‑1. CPU Power Management Policies
Power Management PolicyDescription
High PerformanceDo not use any power management features.
Balanced (Default)Reduce energy consumption with minimal performance
compromise
Low PowerReduce energy consumption at the risk of lower
performance
CustomUser-dened power management policy. Advanced
conguration becomes available.
When a CPU runs at lower frequency, it can also run at lower voltage, which saves power. This type of
power management is typically called Dynamic Voltage and Frequency Scaling (DVFS). ESXi aempts to
adjust CPU frequencies so that virtual machine performance is not aected.
When a CPU is idle, ESXi can apply deep halt states, also known as C-states. The deeper the C-state, the less
power the CPU uses, but it also takes longer for the CPU to start running again. When a CPU becomes idle,
ESXi applies an algorithm to predict the idle state duration and chooses an appropriate C-state to enter. In
power management policies that do not use deep C-states, ESXi uses only the shallowest halt state for idle
CPUs, C1.
Change Power Management Policies in the VMware Host Client
Change the power management policies of the host that you are managing to control the energy
consumption of your host.
Procedure
1Click Manage in the VMware Host Client inventory and click Hardware.
2Click Power Management and click Change policy.
The available power management policies are displayed.
3Select the radio buon next to the policy that you want to apply.
4Click OK.
VMware, Inc. 13
vSphere Single Host Management - VMware Host Client
Licensing for ESXi Hosts
ESXi hosts are licensed with vSphere licenses. Each vSphere license has a certain CPU capacity that you can
use to license multiple physical CPUs on ESXi hosts. When you assign a vSphere license to a host, the
amount of CPU capacity that is consumed is equal to the number of physical CPUs in the host. vSphere
Desktop that is intended for VDI environments is licensed on per virtual machine basis.
To license an ESXi host, you must assign it a vSphere license that meets the following prerequisites:
The license must have sucient CPU capacity to license all physical CPUs on the host. For example, to
n
license two ESXi hosts that have four CPUs each, you need to assign a vSphere license with a minimum
capacity of 8 CPUs to the hosts.
The license must support all the features that the host uses. For example, if the host is associated with a
n
vSphere Distributed Switch, the license that you assign must support the vSphere Distributed Switch
feature.
If you aempt to assign a license that has insucient capacity or does not support the features that the host
uses, the license assignment fails.
You can assign and reassign the CPU capacity of a vSphere license to any combination of ESXi hosts. . You
can assign a vSphere license for 10 CPUs to any of the following combinations of hosts:
Five 2-CPU hosts
n
Three 2-CPU hosts and one 4-CPU host
n
Two 4-CPU hosts and one 2-CPU host
n
One 8-CPU host and one 2-CPU host
n
Dual-core and quad-core CPUs, such as Intel CPUs that combine two or four independent CPUs on a single
chip, count as one CPU.
Evaluation Mode
When you install ESXi, its default license is evaluation mode. Evaluation mode licenses expire after 60 days.
An evaluation mode license provides the set of features that equals the highest vSphere product edition.
If you assign a license to an ESXi host before its evaluation period expires, the time available in the
evaluation period is decreased by the time already used. To explore the entire set of features that are
available for the host, you can set it back to evaluation mode, and use it for the remaining evaluation period.
For example, if you use an ESXi host in evaluation mode for 20 days and then assign a vSphere Standard
license to the host and then set the host back to evaluation mode, you can explore the entire set of features
that are available for the host for the remaining evaluation period of 40 days.
License and Evaluation Period Expiry
For ESXi hosts, license or evaluation period expiry leads to disconnection from vCenter Server. All powered
on virtual machines continue to work, but you cannot power on virtual machines after they are powered o.
You cannot change the current conguration of the features that are in use. You cannot use the features that
remained unused while the host was in evaluation mode.
Licensing ESXi Hosts After Upgrade
If you upgrade an ESXi host to a version that starts with the same number, you do not need to replace the
existing license with a new one. For example, if you upgrade a host from ESXi 5.1 to 5.5, you can use the
same license for the host.
14 VMware, Inc.
Chapter 2 Host Management with the VMware Host Client
If you upgrade an ESXi host to a version that starts with a dierent number, you must apply a new license.
For example, if you upgrade an ESXi host from 5.x to 6.x, you need to license the host with a vSphere 6
license.
vSphere Desktop
vSphere Desktop is intended for VDI environments such as Horizon View. The license usage for vSphere
Desktop equals the total number of powered on desktop virtual machines running on the hosts that are
assigned a vSphere Desktop license.
View Licensing Information About the VMware Host Client Environment
You can view the available licenses in the VMware Host Client along with their expiration dates, license key,
and various features. You can also view the available products and assets.
Procedure
1Click Manage in the VMware Host Client inventory and click Licensing.
2Click a license from the list to view the license key, expiration date, and the available features and
assets.
Assign a License Key to an ESXi Host in the VMware Host Client
By using the VMware Host Client, you can assign an existing or new license key to an ESXi host.
Prerequisites
Verify that you have the Global.Licenses privilege.
Procedure
1Click Manage in the VMware Host Client inventory and click Licensing.
2Click Assign license, enter a license key in the form XXXXX-XXXXX-XXXXX-XXXXX-XXXXX, and click Check
license.
3Click Assign license to save your changes.
Remove a License from an ESXi Host in the VMware Host Client
To remain in compliance with the licensing models of products that you use with vSphere, you must remove
all unassigned licenses from the inventory. If you have divided, combined, or upgraded licenses in My
VMware, you must remove the old licenses.
For example, suppose that you have upgraded a vSphere license from 5.5 to 6.0 in My VMware. You assign
the license to ESXi 6.0 hosts. After assigning the new vSphere 6.0 licenses, you must remove the old vSphere
5.5 license from the inventory.
Procedure
1Click Manage in the VMware Host Client inventory and click Licensing.
2Right-click a license from the list, click Remove license, and click Remove.
Update Your VMware Host Client Environment to the Latest Version
To evaluate whether you are using the latest version of the VMware Host Client, check what VIBs are
installed to your environment and examine the VIBs version information. You can update your
VMware Host Client environment by entering a URL to a VIB or an ESX update metadata.ziple.
If you provide a VIB, an existing VIB that is installed to your VMware Host Client environment is updated
to the new VIB.
VMware, Inc. 15
vSphere Single Host Management - VMware Host Client
If a link to a metadata.ziple is provided, the entire ESXi system is updated to the version described by the
metadata.zip le.
C If the host is managed by vSphere Update Manager, updating the host via this message might
cause Update Manager to report the host as non-compliant.
Procedure
1Click Manage in the VMware Host Client and click Packages.
2Click Install update and enter the URL of the VIB or a metadata.ziple.
3Click Update.
4Click Refresh to make sure that the update is successful.
Manage Services in the VMware Host Client
In the VMware Host Client, you can start, stop, and restart services that are running on the host that you are
logged in to, and you can congure host service policy. You can restart services when you change host
congurations or in case of suspected functional or performance issues.
Procedure
1Click Manage in the VMware Host Client inventory and click Services.
2From the Services list, select a service.
3From the Actions drop-down menu, select an operation.
Restart
n
Start
n
Stop
n
4(Optional) From the Actions drop-down menu, select Policy and select an option for the service from
the menu.
Start and stop with ports
n
Start and stop with host
n
Start and stop manually
n
Managing Security and Users for an ESXi Host by Using the
VMware Host Client
The ESXi hypervisor architecture has many built-in security features that you can congure to enhance
security. By using the VMware Host Client, you can congure features, such as active directory, and you can
also manage certicates.
Managing Host Authentication by Using the VMware Host Client
When you log in to an ESXi host by using the VMware Host Client, you can check whether active directory
and smart card authentication are enabled, and you can also join the host to a directory service domain.
Join an ESXi Host to a Directory Service Domain by Using the VMware Host Client
To use a directory service for your host, you must join the host to the directory service domain.
You can enter the domain name in one of two ways:
name.tld (for example, domain.com): The account is created under the default container.
n
16 VMware, Inc.
Chapter 2 Host Management with the VMware Host Client
name.tld/container/path (for example, domain.com/OU1/OU2): The account is created under a particular
n
organizational unit (OU).
To use the vSphere Authentication Proxy service, see vSphere Security.
Procedure
1Click Manage in the VMware Host Client inventory and click Security & Users.
2Click Authentication and click Join domain.
3Enter a domain name.
Use the form name.tld or name.tld/container/path.
4Enter the user name and password of a directory service user account that has permissions to join the
host to the domain and click Join domain.
5(Optional) If you intend to use an authentication proxy, enter the proxy server IP address and click Join
domain.
Using Active Directory to Manage ESXi Users
You can congure ESXi to use a directory service such as Active Directory to manage users.
Creating local user accounts on each host presents challenges with having to synchronize account names
and passwords across multiple hosts. Join ESXi hosts to an Active Directory domain to eliminate the need to
create and maintain local user accounts. Using Active Directory for user authentication simplies the ESXi
host conguration and reduces the risk for conguration issues that could lead to unauthorized access.
When you use Active Directory, users supply their Active Directory credentials and the domain name of the
Active Directory server when adding a host to a domain.
Using vSphere Authentication Proxy
When you use the vSphere Authentication Proxy, you do not need to transmit Active Directory credentials
to the host . Users supply the domain name of the Active Directory server and the IP address of the
authentication proxy server when they add a host to a domain.
vSphere Authentication Proxy is especially useful when used with Auto Deploy. You can set up a reference
host that points to Authentication Proxy and set up a rule that applies the reference host's prole to any
ESXi host provisioned with Auto Deploy. Even if you use vSphere Authentication Proxy in an environment
that uses certicates that are provisioned by VMCA or third-party certicates, the process works seamlessly
as long as you follow the instructions for using custom certicates with Auto Deploy. See the vSphereSecurity guide.
N You cannot use vSphere Authentication Proxy in an environment that supports only IPv6.
Managing Host Certificates by Using the VMware Host Client
When you log in to an ESXi host by using the VMware Host Client, you can view the certicate details of
your host, such as the issuer and the validity period, and you can also import new certicates
View Certificate Details for an ESXi Host in the VMware Host Client
For ESXi 6.0 and later, hosts that are in VMCA mode or custom mode, you can view certicate details when
you are logged in to the host with the VMware Host Client. The certicate information can be useful for
debugging.
Procedure
1Click Manage in the VMware Host Client inventory and click Security & Users.
VMware, Inc. 17
vSphere Single Host Management - VMware Host Client
2Click .
You can view the following certicate details.
FieldDescription
Issuer
Not valid after
Not valid before
Subject
Import a New Certificate for an ESXi Host in the VMware Host Client
You can import a certicate from a trusted certicate authority when you are logged in to an ESXi host with
the VMware Host Client.
Procedure
1Click Manage in the VMware Host Client inventory and click Security & Users.
2Click and click Import new .
3Generate a certicate signing request, which is either an FQDN signing request or an IP signing request.
The certicate signing request is then passed to the certicate authority to generate the ocial
certicate.
The issuer of the certicate.
Date on which the certicate expires.
Date on which the certicate is generated.
The subject used during certicate generation.
An FQDN request has the fully qualied hostname of the host in the resulting common name eld of
the certicate. The IP signing request has the current IP address of the host in the common name eld.
4Paste a PEM formaedcerticate in the certicate text box and click Import.
You do not have to import the certicate immediately but you cannot reboot the host between
generating the certicate signing request and importing the certicate.
Managing Users with the VMware Host Client
Manage users to control who is authorized to log in to ESXi.
Users and roles control who has access to the ESXi host components and what actions each user can
perform.
In vSphere 5.1 and later, ESXi user management has the following caveats .
The users created when you connect directly to an ESXi host are not the same as the vCenter Server
n
users. When the host is managed by vCenter Server, vCenter Server ignores users created directly on
the host.
You cannot create ESXi users by using the vSphere Web Client. You must log in to the host directly with
n
the VMware Host Client to create ESXi users .
ESXi 5.1 and later does not support local groups. However, Active Directory groups are supported.
n
To prevent anonymous users, such as root, from accessing the host with the Direct Console User Interface
(DCUI) or ESXi Shell, remove the user's administrator privileges on the root folder of the host. This applies
to both local users and Active Directory users and groups.
Add an ESXi User in the VMware Host Client
Adding a user to the users table updates the internal user list that the host maintains.
Prerequisites
Review the password requirements in the vSphere Security documentation.
18 VMware, Inc.
Chapter 2 Host Management with the VMware Host Client
Procedure
1Log in to ESXi with the VMware Host Client.
You cannot create ESXi users with the vSphere Web Client. You must directly log in to the host with the
VMware Host Client to create ESXi users.
2Click Manage in the VMware Host Client inventory and click Security & Users.
3Click Users.
4ClickAdd user.
5Enter a user name, and a password.
N Do not create a user named ALL. Privileges associated with the name ALL might not be available
to all users in some situations. For example, if a user named ALL has Administrator privileges, a user
with the ReadOnly privileges might be able to log in to the host remotely. This is not the intended
behavior.
Do not include any spaces in the user name.
n
Do not include any non-ASCII characters in the user name.
n
Create a password that meets the length and complexity requirements. The host checks for
n
password compliance using the default authentication plug-in, pam_passwdqc.so. If the password is
not compliant, an error message indicates password requirements.
6Click Add.
Update an ESXi User in the VMware Host Client
You can change the user name, description, and password for an ESXi user in the VMware Host Client.
Procedure
1Click Manage in the VMware Host Client inventory and click Security & Users.
2Click Users.
3Select a user from the list and click Edit user.
4Update the user details and click Save.
Remove a Local ESXi User from a Host in the VMware Host Client
You can remove a local ESXi user from the host.
C Do not remove the root user.
If you remove a user from the host, they lose permissions to all objects on the host and cannot log in again.
N Users who are logged in and are removed from the domain keep their host permissions until you
restart the host.
Procedure
1Click Manage in the VMware Host Client inventory and click Security & Users.
2Click Users.
3Select the user that you want to remove from the list, click Remove user, and click Yes.
Do not remove the root user for any reason.
VMware, Inc. 19
vSphere Single Host Management - VMware Host Client
Managing ESXi Roles in the VMware Host Client
ESXi grants access to objects only to users who are assigned permissions for the object. When you assign a
user permissions for the object, you do so by pairing the user with a role. A role is a predened set of
privileges.
ESXi hosts provide three default roles, and you cannot change the privileges associated with these roles.
Each subsequent default role includes the privileges of the previous role. For example, the Administrator
role inherits the privileges of the Read Only role. Roles that you create do not inherit privileges from any of
the default roles.
You can create custom roles by using the role-editing dunctions in the VMware Host Client to create
privilege sets that match your user needs. Also, the roles you create directly on a host are not accessible in
vCenter Server. You can work with these roles only if you log in to the host directly from the
VMware Host Client.
N When you add a custom role and do not assign any privileges to it, the role is created as a read-only
role with the System.Anonymous, System.View, and System.Readsystem-dened privilege.
If you manage an ESXi host through vCenter Server, maintaining custom roles in the host and
vCenter Server can result in confusion and misuse. In this type of conguration, maintain custom roles only
in vCenter Server.
You can create host roles and set permissions through a direct connection to the ESXi host with the
VMware Host Client.
Add a Role in the VMware Host Client
You can create roles to suit the access control needs of your environment.
Prerequisites
Verify that you are logged in as a user with Administrator privileges, such as root or vpxuser.
Procedure
1Click Manage in the VMware Host Client inventory and click Security & Users.
2Click Roles.
3Click Add role.
4Enter a name for the new role.
5Select privileges from the list to associate with the new role and click Add.
Update a Role in the VMware Host Client
When you edit a role, you can change the privileges selected for that role. When complete, these privileges
are applied to any user or group that is assigned the edited role.
Prerequisites
Verify that you are logged in as a user with Administrator privileges, such as root or vpxuser.
Procedure
1Click Manage in the VMware Host Client inventory and click Security & Users.
2Click Roles.
3Select a role from the list and click Edit role.
4Update the role details and click Save.
20 VMware, Inc.
Remove a Role in the VMware Host Client
When you remove a role that is not assigned to any users or groups, the denition is removed from the list
of roles. When you remove a role that is assigned to a user or group, you can remove assignments or replace
them with an assignment to another role.
C You must understand how users will be aected before removing all assignments or replacing
them. Users who have no permissions granted to them cannot log in.
Prerequisites
Verify that you are logged in as a user with Administrator privileges, such as root or vpxuser.
Procedure
1Click Manage in the VMware Host Client inventory and click Security & Users.
2Click Roles.
3Select the name of the role that you want to remove from the list.
4Click Remove role, select Remove only if unused, and click Yes.
Managing Hosts in vCenter Server
Chapter 2 Host Management with the VMware Host Client
To access the full capabilities of the host that you are managing, connect the host to a vCenter Server system.
For information about conguration management of ESXi hosts, see the vSphere Networking documentation,
the vSphere Storage documentation, and the vSphere Security documentation.
Unable to Connect from the VMware Host Client to an ESXi Host after
Upgrading to ESXi 6.0 or Later
After you upgrade your host from ESXi 5.5 to ESXi 6.0 or later, your browser console might display an error
message when you aempt to access your ESXi host by using the VMware Host Client, and your connection
might fail.
Problem
After you upgrade your ESXi host from 5.5 to 6.0 or later, aempting to navigate to http://host-name/ui or
http://host-IP-address/ui might result in the following error:
503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http16LocalServiceSpecE:
A change to /etc/vmware/rhttpproxy/endpoints.conf remains after an upgrade and causes the /ui endpoint
to override the VMware Host Client.
When the /ticket is missing from the endpoint.confle on your 6.0 or later ESXi host, your in-browser
virtual machine console displays a Failed to connect error message but the VMware Remote Console
continues to work.
Solution
1Log in to your ESXi host either by using SSH or ESXi Shell.
If you use SSH, you might need to enable SSH rst. You can enable SSH by using DCUI.
2Back up the endpoints.confle.
cp
/etc/vmware/rhttpproxy/endpoints.conf /tmp
VMware, Inc. 21
vSphere Single Host Management - VMware Host Client
3Open the /etc/vmware/rhttpproxy/endpoints.confle in an editor and add the following line.
/ui local 8308 redirect
allow
4Restart the reverse Web proxy .
/etc/init.d/rhttpproxy restart
5Try to access the VMware Host Client at http://host-name/ui or http://host-IP-address/ui.
Switch to the vSphere Web Client
To access the full set of capabilities, and advanced administrative and troubleshooting functions of the ESXi
host, connect the ESXi host to vCenter Server.
Procedure
1Right-click Host in the VMware Host Client inventory and select Manage with vCenter Server from the
drop-down menu.
The vCenter Server login page opens in a new window.
2Enter your credentials and click Login.
Disconnect an ESXi Host from vCenter Server by Using the VMware Host Client
If you no longer want to use the advanced set of capabilities available throughvCenter Server for host
management, or if vCenter Server has failed and you must perform emergency operations on the host, you
can disconnect your ESXi host from vCenter Server.
Disconnecting an ESXi host might take up to several minutes.
Procedure
1Right-click Host in the VMware Host Client inventory and select Disconnect from vCenter Server from
the pop-up menu.
N Disconnecting a host signals vCenter Server that this host is not responding.
2Click Disconnect from vCenter Server.
Reboot or Shut Down an ESXi Host in the VMware Host Client
You can power o or restart any ESXi host by using the VMware Host Client. Powering o a managed host
disconnects it from vCenter Server, but does not remove it from the inventory.
Prerequisites
To be able to reboot or shut down a host, you need these privileges.
Host..Maintenance
n
Global.Log event
n
Always perform the following tasks before you reboot or shut down a host:
Power o all virtual machines on the host.
n
Place the host in maintenance mode.
n
22 VMware, Inc.
Procedure
1Right-click the host, select Shut down host or Reboot host.
N If the host is not in maintenance mode, shuing down or rebooting it does not stop the virtual
machines that are running on this host safely and unsaved data may be lost. If the host is part of a
Virtual SAN cluster, you might lose access to the Virtual SAN data on the host.
2Click Shut down or Reboot to complete the procedure.
Using the ESXi Shell
The ESXi Shell, which was formerly referred to as Tech Support Mode or TSM, is disabled by default on
ESXi. You can enable local and remote access to the shell if necessary.
Enable the ESXi Shell for troubleshooting only. The ESXi Shell can be enabled or disabled when the host is
running in lockdown mode. The host running in lockdown mode does not prevent you from enabling or
disabling the ESXi Shell. See vSphere Security.
Chapter 2 Host Management with the VMware Host Client
ESXi Shell
SSH
The root user and users with the Administrator role can access the ESXi Shell. Users who are in the Active
Directory group ESX Admins are automatically assigned the Administrator role. By default, only the root
user can execute system commands (such as vmware -v) by using the ESXi Shell.
N Do not enable the ESXi Shell until you actually need access.
Enable this service to access the ESXi Shell locally.
Enable this service to access the ESXi Shell remotely by using SSH. See
vSphere Security.
Enable the Secure Shell (SSH) in the VMware Host Client
Enable the Secure Shell (SSH) to access the ESXi Shell remotely by using SSH.
Procedure
1To enable or disable the Secure Shell (SSH), right-click Host in the VMware Host Client inventory.
2Select Services from the drop-down menu and select Secure Shell (SSH).
3Select a task to perform.
If SSH is enabled, click Disable to disable it.
n
If SSH is disabled, click Enable to enable it.
n
Enable the ESXi Console Shell in the VMware Host Client
When you enable this service while running in lockdown mode, you can log in locally to the direct console
user interface as the root user and disable lockdown mode. You can then access the host using a direct
connection to the VMware Host Client or by enabling the ESXi Shell.
Procedure
1To enable or disable the Console Shell, right-click Host in the VMware Host Client inventory.
2Select Services from the drop-down menu and select Console Shell.
3Select a task to perform.
If the Console Shell is enabled, click Disable to disable it.
n
If the Console Shell is disabled, click Enable to enable it.
n
VMware, Inc. 23
vSphere Single Host Management - VMware Host Client
Place a Host in Maintenance Mode in the VMware Host Client
You place a host in maintenance mode when you need to service it, for example, to install more memory. A
host enters or leaves maintenance mode only as the result of a user request.
The host is in a state of Entering Maintenance Mode until all running virtual machines are powered o or
migrated to dierent hosts. You cannot power o virtual machines or migrate virtual machines to a host that
is entering or in maintenance mode.
To place a host in maintenance mode, all virtual machines that are running on the host must be powered o
or migrated to dierent hosts. If you aempt to place a host that has running virtual machines on it in
maintenance mode, DRS must power o or migrate the running virtual machines for the task to complete. If
a time out occurs before the virtual machines are powered o or migrated, an error message appears.
When all virtual machines on the host are inactive, the host's icon displays under maintenance and the
host's Summary panel indicates the new state. While in maintenance mode, the host does not allow you to
deploy or power on a virtual machine.
Prerequisites
Before you place a host in maintenance mode, power o all virtual machines that are running on that host or
migrate them to another host either manually or automatically by DRS.
Procedure
Right-click the host and select Enter maintenance mode.
u
The host is in maintenance mode until you select Exit maintenance mode.
Managing Permissions in the VMware Host Client
For ESXi, permissions are dened as access roles that consist of the roles assigned to a user for dierent
objects such as a virtual machine or ESXi host. Permissions grant users the right to perform the activities
specied by the role on the object to which the role is assigned.
For example, to congure memory for the host, a user must be granted a role that includes the
Host..Memory privilege. By assigning dierent roles to users for dierent
objects, you can control the tasks that users can perform by using the VMware Host Client.
When connecting directly to a host with the VMware Host Client, the root and vpxuser user accounts have
the same access rights as any user assigned the Administrator role on all objects.
All other users initially have no permissions on any object, which means the users cannot view or perform
tasks on these objects. A user with Administrator privileges must assign permissions to these users to allow
them to perform tasks.
Many tasks require permissions on more than one object. The following rules can help you determine which
roles to assign to users to allow particular tasks:
Any task that consumes hard disk space, such as creating a virtual disk or taking a snapshot, requires
n
the Datastore.Allocate Space privilege on the target datastore and the privilege to perform the
operation itself.
Each host and cluster has its own implicit resource pool that contains all the resources of that host or
n
cluster. Deploying a virtual machine directly to a host or cluster requires the Resource.Assign Virtual
Machine to Resource Pool privilege.
The list of privileges is the same for both ESXi and vCenter Server.
You can create roles and set permissions through a direct connection to the ESXi host.
24 VMware, Inc.
Chapter 2 Host Management with the VMware Host Client
Permission Validation
vCenter Server and ESXi hosts that use Active Directory regularly validate users and groups against the
Windows Active Directory domain. Validation occurs whenever the host system starts and at regular
intervals specied in the vCenter Server seings.
For example, if user Smith was assigned permissions and in the domain the user’s name was changed to
Smith2, the host concludes that Smith no longer exists and removes permissions for that user when the next
validation occurs.
Similarly, if user Smith is removed from the domain, all permissions are removed when the next validation
occurs. If a new user Smith is added to the domain before the next validation occurs, the new user Smith
receives all the permissions the old user Smith was assigned.
Assign Permissions to a User for an ESXi Host in the VMware Host Client
In order to perform particular activities on an ESXi host, a user must have permissions that are associated
with a particular role. In the VMware Host Client you can assign roles to users and give the users the
permissions necessary to perform various tasks on the host.
Procedure
1Right-click Host in the VMware Host Client inventory and click Permissions.
2Click Add user.
3Click the arrow next to the Select a user text box and select the user that you would like to assign a role
to.
4Click the arrow next to the Select a role text box and select a role from the list.
5(Optional) Select Propagate to all children.
If you set a permission at a vCenter Server level and propagate it to the children objects, the permission
applies to data centers, folders, clusters, hosts, virtual machines, and other objects in the vCenter Server
instance.
6Click Add and click Close.
Remove Permissions for a User in the VMware Host Client
Removing a permission for a user does not remove the user from the list of users available. It also does not
remove the role from the list of available items. It removes the user and role pair from the selected inventory
object.
Procedure
1Right-click Host in the VMware Host Client inventory and click Permissions.
2Select a user from the list and click Remove user.
3Click Close.
Assign a User Permissions for a Virtual Machine in the VMware Host Client
Assign a role to a particular user to give that user permissions to perform specic tasks on a virtual machine.
Procedure
1Click Virtual Machines in the VMware Host Client inventory.
2Right-click a virtual machine from the list and select Permissions.
VMware, Inc. 25
vSphere Single Host Management - VMware Host Client
3Click Add user.
4Click the arrow next to the Select a user text box and select the user that you want to assign a role for.
5Click the arrow next to the Select a role text box and select a role from the list.
6(Optional) Select Propagate to all children.
If you set a permission at a vCenter Server level and propagate it to the children objects, the permission
applies to data centers, folders, clusters, hosts, virtual machines, and similar objects in the
vCenter Server instance.
7Click Add and click Close.
Remove Permissions for a Virtual Machine in the VMware Host Client
To make a user unable to perform tasks on a particular virtual machine, remove the permissions of the user
for that virtual machine.
Removing a permission for a user does not remove the user from the list of users available. It also does not
remove the role from the list of available items. It removes the user and role pair from the selected inventory
object.
Procedure
1Click Virtual Machines in the VMware Host Client inventory.
2Right-click a virtual machine from the list and select Permissions.
3Select a user from the list and click Remove user.
4Click Close.
Generate a Support Bundle in the VMware Host Client
You can generate a support bundle for the ESXi host that you are logged in on. The support bundle contains
the log les and system information that you can use to diagnose and resolve problems.
Procedure
1Right-click Host in the VMware Host Client inventory and select Generate support bundle from the
drop-down menu.
A dialog that contains a link to download the bundle pops up when the support bundle is created.
2(Optional) Click Monitor in the VMware Host Client inventory, click Tasks and click a log bundle from
the list.
You can view the link to the log bundle under the table.
Monitoring an ESXi Host in the VMware Host Client
When you connect to a host using the VMware Host Client, you can monitor the host health status, and
view performance charts, events, tasks, system logs, and notications.
View Charts in the VMware Host Client
When you are logged in to the VMware Host Client, you can view information about resource usage of the
ESXi host that you are managing in line chart form.
To reduce memory consumption, the VMware Host Client only contains statistics for the last hour.
26 VMware, Inc.
Chapter 2 Host Management with the VMware Host Client
Procedure
1Click Monitor in the VMware Host Client and click Performance.
2(Optional) To view the host usage for the last hour, select an option from the drop-down menu.
To view the percentage of CPU that the host used during the last hour, select CPU.
n
To view the percentage of memory that the host consumed during the last hour, select Memory.
n
To view the memory and CPU composite that the host consumed during the last hour, select CPU +
u
memory composite.
To view the percentage of network that the host consumed during the last hour, select Network.
u
To view the disk usage that the host consumed during the last hour, select Disk.
u
Monitor Hardware Health Status in the VMware Host Client
When you are logged in to the VMware Host Client, you can monitor the health status of the ESXi host
hardware.
N Hardware health status is only available when the underlying hardware supports it.
Procedure
1Click Monitor in the VMware Host Client inventory and click Hardware.
2Select the type of information to view.
3(Optional) Use the lter controls above the list to lter the list.
4(Optional) Click a column heading to sort the list.
View Events in the VMware Host Client
Events are records of user actions or system actions that occur on an ESXi host. When you are logged in the
VMware Host Client, you can view all events associated with the host that you are managing.
Prerequisites
Required privilege: Read-only.
Procedure
Click Monitor in the VMware Host Client inventory and click Events.
u
a(Optional) Select an event to see event details.
b(Optional) Use the lter controls above the list to lter the list.
c(Optional) Click a column heading to sort the list.
View Tasks in the VMware Host Client
When you are logged in to the VMware Host Client, you can view tasks that are related to the ESXi host.
You can view information about task initiator, task state, task result, task description, and so on.
Procedure
Click Monitor in the VMware Host Client inventory and click Tasks.
u
a(Optional) Select a task to see task details.
b(Optional) Use the lter controls above the list to lter the list.
c(Optional) Click a column heading to sort the list.
VMware, Inc. 27
vSphere Single Host Management - VMware Host Client
View System Logs in the VMware Host Client
When you are logged in to an ESXi host with the VMware Host Client, you can view log entries to get
information such as who generated an event, when the event was created, and the type of event.
Procedure
1Click Monitor in the VMware Host Client inventory and click Logs.
The list of logs is displayed.
2(Optional) Click on a log to view log details.
3(Optional) Right-click a log and select one of the following options:
Open in new window
n
Generate support bundle
n
View Notifications in the VMware Host Client
When you are logged in the VMware Host Client, you can view host notications and recommendations for
related tasks that you should perform.
Procedure
1Click Monitor in the VMware Host Client inventory and click .
2Select a notication from the list to view the recommended action.
A message with a recommended action and a description is displayed under the notications list.
Lockdown Mode
To increase the security of your ESXi hosts, you can put them in lockdown mode. In lockdown mode,
operations must be performed through vCenter Server by default.
Normal Lockdown Mode and Strict Lockdown Mode
With vSphere 6.0, you can select normal lockdown mode or strict lockdown mode.
Normal Lockdown Mode
In normal lockdown mode, the DCUI service remains active. If the
connection to the vCenter Server system is lost, and access through the
vSphere Web Client is unavailable, privileged accounts can log in to the ESXi
host's Direct Console Interface and exit lockdown mode. Only the following
accounts can access the Direct Console User Interface:
Accounts in the Exception User list for lockdown mode who have
n
administrative privileges on the host. The Exception Users list is meant
for service accounts that perform specic tasks. Adding ESXi
administrators to this list defeats the purpose of lockdown mode.
28 VMware, Inc.
Chapter 2 Host Management with the VMware Host Client
Users dened in the DCUI.Access advanced option for the host. This
n
option is for emergency access to the Direct Console Interface in case the
connection to vCenter Server is lost. These users do not require
administrative privileges on the host.
Strict Lockdown Mode
In strict lockdown mode, which is new in vSphere 6.0, the DCUI service is
stopped. If the connection to vCenter Server is lost and the
vSphere Web Client is no longer available, the ESXi host becomes
unavailable, unless the ESXi Shell and SSH services are enabled and
Exception Users are dened. If you cannot restore the connection to the
vCenter Server system, you must reinstall the host.
Lockdown Mode and the ESXi Shell and SSH Services
Strict lockdown mode stops the DCUI service. However, the ESXi Shell and SSH services are independent of
lockdown mode. For lockdown mode to be an eective security measure, ensure that ESXi Shell and SSH
services are also disabled. These services are disabled by default.
When a host is in lockdown mode, users on the Exception Users list can access the host from the ESXi Shell
and through SSH if they have the Administrator role on the host. This access is possible even in strict
lockdown mode. Leaving the ESXi Shell service and the SSH service disabled is the most secure option.
N The Exception Users list is meant for service accounts that perform specic tasks such as host
backups, and not for administrators. Adding administrator users to the Exception Users list defeats the
purpose of lockdown mode.
Put an ESXi Host in Normal Lockdown Mode by Using the VMware Host Client
You can use the VMware Host Client to enter normal lockdown mode.
Procedure
1Right-click Host in the VMware Host Client inventory, select Lockdown mode from the drop-down
menu, and select Enter normal lockdown.
A warning message appears.
2Click Enter normal lockdown.
Put an ESXi Host in Strict Lockdown Mode by Using the VMware Host Client
You can use the VMware Host Client to enter strict lockdown mode.
Procedure
1Right-click Host in the VMware Host Client inventory, select Lockdown mode from the drop-down
menu, and select Enter strict lockdown.
The warning message appears.
2Click Enter strict lockdown.
VMware, Inc. 29
vSphere Single Host Management - VMware Host Client
Exit Lockdown Mode by Using the VMware Host Client
If you have entered normal or strict lockdown mode on an ESXi host, you can exit lockdown by using the
VMware Host Client.
Procedure
Right-click Host in theVMware Host Client inventory, select Lockdown mode from the drop-down
u
menu, and select Exit lockdown.
Specify Lockdown Mode Exception Users in the VMware Host Client
Starting with vSphere 6.0, you can add users to the exception users list by using the VMware Host Client.
These users do not lose their permissions when the host enters lockdown mode. You can add service
accounts, such as a backup agent to the exception users list.
Exception users are host local users or Active Directory users with privileges dened locally for the ESXi
host. They are not members of an Active Directory group and are not vCenter Server users. These users are
allowed to perform operations on the host based on their privileges. That means, for example, that a readonly user cannot disable lockdown mode on a host.
N The exception users list is useful for service accounts that perform specic tasks, such as host
backups, and not for administrators. Adding administrator users to the exception users list defeats the
purpose of lockdown mode.
Procedure
1Click Manage in the VMware Host Client inventory and click Security & Users.
2Click Lockdown mode.
3Click Add user exception, enter the name of the user, and click Add exception.
4(Optional) Select a name from the exception users list, click Remove user exception, and click .
Administering CPU Resources by Using the VMware Host Client
When you connect to an ESXi host with the VMware Host Client, you have access to a limited number of
resource management seings.
View Processor Information by Using the VMware Host Client
In the VMware Host Client, you can access information about the current CPU conguration of the ESXi
host that you are logged in to.
Procedure
1Click Host in the VMware Host Client inventory.
2Expand Hardware and expand CPU.
You can view the information about the number and type of physical processors, and the number of
logical processors.
30 VMware, Inc.
Loading...
+ 102 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.