*** Please note, I am not in any ESX4+ beta programme, so anything I write below is not covered by an NDA. I found this openly published on the internet ***
Following my last post about ESX and AD authentication, I have been investigating how I could refine things. This caused me to take a closer look at Likewise’s solutions, which I have used previously for managing Apple Macs in an AD environment. Whilst digging around their site, I noticed that VMware ESX was a supported option. So I moved to their forum to see if I could find any users who had implemented this to find out what their experience had been like. A simple search for VMware popped up this thread: http://www.likewise.com/community/index.php/forums/viewthread/542/ posted on the 10th December by one of the forum’s Administrators.
(The emboldening is my own emphasis)
Q: Which VMware products are supported by Likewise?
A: VMware ESX and ESXi 4.1 are the first VMware products to provide Likewise based Active Directory authentication as part of its hypervisor host OS. VMware provides full support for the Likewise technologies in its platform. Likewise Open and Likewise Enterprise are supported on previous versions of VMware. For more information, please contact firstname.lastname@example.org or post a question to the VMware Virtualization forum.
Q: What components of Likewise Open are included in VMware?
A: VMware has licensed the Likewise Identity Service from Likewise Software and integrated it into its hypervisor host operating systems ESX andESXi. This includes the components required to the support domain join, authentication and name based lookups of users among other features.
Q: How do I join a VMware 4.1 ESX or ESXi server to Active Directory?
A: VMware ESX 4.1 system is in early beta. Contact VMware for directions on joining to AD.
Q: Are event logging and group policy features available for VMware?
A: Event logging and group policy features are unique to Likewise Enterprise. These are not available on ESXi systems.
Q: Is VMware Server on other OS distributions supported?
A: Yes, as long as the OS is supported by Likewise. sudo can be used with VMware and Likewise to control access to the VMware management commandline.
Q: Can I install Likewise Enterprise or Likewise Open agents on an existing VMware 4.1 system?
A: This is not currently supported in Likewise 5.3 and VMware 4.1 is still in beta. Stay tuned to the forums for updates.
Q: Is VMware vMA supported by Likewise Enterprise or Likewise Open?
A: vMA is the vSphere Management Assistant, a Red Hat Linux VM used to enable automation and troubleshooting scenarios with ESXi which doesn’tnormally support a service console. As a Red Hat compatible distribution, Likewise is supported on this system, but may require specific changes or additional packages.
Q: I installed Likewise on a VMware 4.0 system and the domain-join failed. How can I get it to join properly?
A: The pam configuration of VMware changed from 3.5 to 4.0. Likewise 5.3 does not currently support these changes. However, the join can be completed with instructions from email@example.com.
This is certainly exciting news as far as I’m concerned. Likewise provides some great functionality, and should make user management in ESX much easier for Enterprise deployments. You can read about the features of the Likewise Identity Service, which is the component that VMware is licensing.
Here’s a quick rundown of a few of the nice things it might offer:
- Authenticate with AD users and groups. AD schema changes not required.
- Cached credentials support if the DCs are unavailable.
- Backup alternative to ntpd via AD.
- Support for AD site affinity.
- Support for multiple forests.
You think you might find this useful?