Adding VMware VMkernel Systems

Overview

To manage VMware VMkernel accounts, you need to specify a valid local administrative account and password. See "Specifying a local administrative account" for more information. The account used must be in a role in the VMware VMkernel with the Host.Local.ManageUserGroups privilege.

For any account you add, you can also choose whether or not you want Privileged Access Service to manage the account password. If you select Manage this credential, Privileged Access Service automatically resets the password after the account and system are added and each time the account is checked in.

If you select Manage this credential, keep in mind that the Privileged Access Service can only manage passwords for privileged user accounts that have sufficient rights to configure and save settings. In addition, if there are any pending changes for other user accounts, those changes will be saved when Privileged Access Service updates a managed password.

For more information on managing VMware VMkernel systems, see the following topics:

  • "Modifying system-specific details"
  • "Password complexity rules"
  • "Changing VMware VMkernel system settings"

Password Complexity Rules

All managed passwords generated by the Privileged Access Service consist of at least one upper case letter, one lower case letter, one number, one special character, and allow consecutive repeated characters regardless of the system type. In the Admin Portal > Settings >Resources>Password Profiles, the default password profile for VMware VMkernel systems restricts password length to a maximum of 39 characters. The following additional password rules apply:

  • Minimum password length: 12 characters.
  • Maximum password length: 39 characters.
  • Supported special characters: !$%&()*+,-./:;<=>?[]^_{|}~

You should not use the following special characters in passwords that you define for VMware VMkernel user accounts: ' " `

You should keep in mind that only Privileged Access Service will know the managed password being generated and stored. You should not select this option if you don’t want Privileged Access Service to manage the password for the account.

Changing VMware VMkernel System Settings

In addition to the common system settings you can change for any type of system, there are a few VMware VMkernel system settings. For example, you can use System Settings to update the following types of information after adding a system:

  • Change the session type or port number for remote connections

You can manually select secure shell or remote desktop and change the port number for remote sessions. If you don’t specify a session type and port, the secure shell client and port 22 are used by default.

  • Select a system time zone

You can manually select the time zone you want to use for any system. If you don’t specify a time zone, the local time zone of the system is used by default.

  • Account Management Settings

For password management, HTTPS port 443 is used. If you changed the port assignment used for password management, you need to manually set the Management Port field to match the setting of the VMware VMkernel system. Contact VMware VMkernel Support if you want to change the port setting.