A VMware vSphere/ESXi integration MCP (Model Context Protocol) server built with Python's fastmcp library and pyVmomi. This server provides AI agents with tools for managing and monitoring VMware infrastructure.
docker pull ghcr.io/presidio-federal/vsphere-mcp:latest
docker run -d \
--name vsphere-mcp \
-p 3012:3012 \
-e VSPHERE_HOST=vcenter.example.com \
-e VSPHERE_USERNAME=administrator@vsphere.local \
-e VSPHERE_PASSWORD=your-password \
-e DISABLE_JWT_AUTH=true \
ghcr.io/leevanginkel/vsphere-mcp:latest version : ' 3.8' services :
vsphere-mcp :
image : ghcr.io/leevanginkel/vsphere-mcp:latest
container_name : vsphere-mcp
ports :
- " 3012:3012" environment :
- VSPHERE_HOST=vcenter.example.com
- VSPHERE_USERNAME=administrator@vsphere.local
- VSPHERE_PASSWORD=${VSPHERE_PASSWORD}
- VSPHERE_PORT=443
- VSPHERE_VERIFY_SSL=false
- DISABLE_JWT_AUTH=true
restart : unless-stopped
Tool
Description
Parameters
vsphere_vm_get_infoGet detailed information about a specific virtual machine
vm_name or vm_id
vsphere_vm_listList virtual machines with optional filters (default limit: 10)
datacenter, folder, power_state, limit
vsphere_vm_power_managementManage VM power operations (power_on, power_off, suspend, reset, shutdown_guest, restart_guest)
operation, vm_name or vm_id
vsphere_vm_deploy_from_templateDeploy a new VM from Content Library template or clone from existing VM
vm_name, datastore_name, template_name, and many optional customization parameters
Tool
Description
Parameters
vsphere_content_library_get_infoGet information about Content Libraries and their items
library_name, library_id, list_items, item_name
vsphere_content_library_template_infoGet detailed OVF/OVA template info including vApp properties
template_name, library_name, library_item_id
Tool
Description
Parameters
vsphere_host_get_infoGet detailed information about a specific ESXi host
host_name or host_id
vsphere_host_listList all ESXi hosts with optional filters
datacenter, cluster, connection_state
Tool
Description
Parameters
vsphere_cluster_get_infoGet detailed information about a vSphere cluster
cluster_name or cluster_id
vsphere_resource_pool_get_infoGet detailed information about a resource pool
pool_name or pool_id
Tool
Description
Parameters
vsphere_vswitch_get_infoGet information about virtual switches (standard and distributed)
host_name, vswitch_name
vsphere_portgroup_get_infoGet information about portgroups
host_name, portgroup_name
Tool
Description
Parameters
vsphere_performance_get_statsGet performance statistics for VMs or hosts
entity_type (vm/host), entity_name, metrics
vsphere_health_checkComprehensive health check of vSphere infrastructure
None
Required (vSphere Connection)
Variable
Description
VSPHERE_HOSTvCenter or ESXi hostname/IP
VSPHERE_USERNAMEvSphere username
VSPHERE_PASSWORDvSphere password
Variable
Default
Description
VSPHERE_PORT443vSphere API port
VSPHERE_VERIFY_SSLfalseVerify SSL certificates
TRANSPORTstreamable-httpTransport type (stdio, streamable-http)
PORT3012Server port
HOST0.0.0.0Server bind address
DISABLE_JWT_AUTHfalseDisable JWT authentication
AZURE_AD_TENANT_ID-
Azure AD tenant ID (required if JWT enabled)
AZURE_AD_CLIENT_ID-
Azure AD client ID (optional)
Python 3.10 or higher
pip (Python package installer)
Access to a vSphere/ESXi environment
# Clone the repositorycd vsphere-mcp
# Create virtual environmentsource venv/bin/activate # On Windows: venv\Scripts\activate# Install dependencies# Configure environment# Create from example if available# Edit .env with your vSphere credentials# Using FastMCP CLI (recommended)# Or directly with Python# STDIO transport (for MCP client testing)# Build locally.
# Run local build
HTTP Headers (Alternative Credentials)
You can pass vSphere credentials via HTTP headers instead of environment variables:
Header
Description
X-vSphere-HostvSphere hostname
X-vSphere-UsernamevSphere username
X-vSphere-PasswordvSphere password
X-vSphere-PortvSphere port
X-vSphere-Verify-SSLSSL verification (true/false)
The server supports two authentication modes:
JWT Authentication (production): Validates Azure AD JWT tokens. Requires AZURE_AD_TENANT_ID.No Authentication (development): Set DISABLE_JWT_AUTH=true
vsphere-mcp/
├── __init__.py # Package initialization
├── __main__.py # Entry point for module execution
├── server.py # Main server implementation
├── utilities.py # Utility functions (auth, credentials)
├── requirements.txt # Python dependencies
├── dockerfile # Container configuration
├── README.md # This file
└── tools/ # Tool implementations
├── vm_management/ # VM tools
├── content_library/ # Content Library tools
├── host_management/ # Host tools
├── resource_management/ # Cluster & Resource Pool tools
├── networking/ # vSwitch & Portgroup tools
└── monitoring/ # Performance & Health tools
Set VSPHERE_VERIFY_SSL=false in your environment variables.
Ensure your vSphere host is accessible and firewall rules allow traffic on port 443.
Verify vSphere credentials are correct
Check user has appropriate vSphere permissions
For JWT auth, ensure Azure AD configuration is correct
Never commit credentials to version control
Use environment variables or secure secret management
Enable SSL verification in production environments
Use JWT authentication in production deployments
Regularly rotate vSphere credentials
MIT