vCenter Server has had the ability to audit vSphere logins, whether through the API or UI, for nearly two decades using vSphere Events, which provide detailed information on who connected, when the login occurred and the client IP address associated with the session.
While looking up something in the latest vSphere 9.1 Automation REST API, I came across a new Connection Utilization API that provides visibility into all HTTP and HTTPS connections established with vCenter Server.
While most organizations deploy vCenter Server on a dedicated management network as a best practice, it does not eliminate the possibility of unexpected or unauthorized connections. Having additional visibility into those connections and the ability to audit them can help organizations quickly identify and investigate suspicious activity.
To demonstrate the new vCenter Connection Utilization API, I have created a PowerCLI script called list_vcenter_connection.ps1 which will list all HTTP/HTTPS connections along with the established address, port and the current session state.
Note: An added benefit to this new API is that it also provides the connection limit from vCenter Server, so you can easily create an alert based on this threshold.
Thanks for the comment!