If you new to vSphere 5.1 or 5.5, you might be asking what is the Single Sign On thing?!

 

"vCenter Single Sign On (SSO) is a component of the VMware Cloud Suite. SSO deals with identity management for administrators and applications that interact with the vSphere platform.

SSO is based on identity management technology built by RSA and specifically tailored for VMware Cloud Infrastructure deployment."

 

In english what this means is that previously when you logged into vCenter via vSphere Client you authenticated directly with Active Directory.

However now when vSphere Client connects to vCenter, it's authenticating via vCenter SSO. Which in turn has your Active Directory as an authentication method.

As the VMware product portfolio expands what VMware are trying to do is use SSO for authenticating all their products.

 

 

If you missed any of the previous parts of the series or want go back here is the jump list:

 

Single Sign On made it's first appearance in vSphere 5.1 (it skipped 5.0), and to be quite honest it was a very poorly made component of vSphere, it also required a SQL database and often failed to install.

Now in vSphere 5.5 they have made a number of changes, most notably a database is not required and instead it uses AD LDS which I'm very happy about!

 

The next thing you might be thinking is where do I install this, do I need another server for SSO?

No SSO, vCenter, vSphere Client, vSphere Web Client and vSphere Update Manager can all be installed on a single server (and in most cases it is).

If you want you can also install each one on it's own dedicated server.

 

First thing to note when running the vSphere 5.5 installer and you get the below bunch of install options (see first image).

I never go for the "Simple Install" even if I'm installing all the roles on one server, my experience is if one of the components has a problem you can work out the issues with that component before moving on.

Instead I run the installed for each component separately, it's really not any bother doing it this way.

 

 

 

Here we will be installing all the components on the one server, but I won't be using the simple installer.

 

 

1. Insert DVD or unzip "VMware-VIMSetup-all-5.5.0-xxxxxx.zip"

If it does not autorun, use "autorun.exe" in the root of the cd or folder. Click "vCenter Server" to start the installation.

 

2. Click "vCenter Single Sign On"

Note: DON'T go for the "Simple Install"

 

 

 

3. The vCenter Single Sign On installation wizard will start. Good luck! Click Next.

 

 

 

4. Read the license, agree and Click Next.

 

 

 

5. Tick "Add <your domain> as a native Active Directory identity source".

This is to save you adding it manually later.

 

 

 

6. Select "vCenter Single Sign On for your first vCenter Server"

 

 

 

7. Enter a password for the vCenter SSO administrator account

Note: This is a local user in the SSO database, it's neither a local windows user or AD user.

If Active Directory authentication stops working you can still login with the "This email address is being protected from spambots. You need JavaScript enabled to view it." user so make sure you keep this password safe.

 

 

 

8. Enter a name for your site (e.g. London)

 

 

  

10. Keep the HTTPS port as the default 7444 where possible.

 

 

 

11. Select the directory in which to install vCenter SSO.

 

 

 

12. Confirm the installation options before pressing "Install".

 

 

 

13. vCenter SSO will being to install and configure an AD LDS instance.

 

 

 

14. And that's vCenter SSO installed. Much easier than in vSphere 5.1 - thanks VMware!

 

 

Next up Part 3 - vCenter Inventory Service

 

If you missed any of the previous parts of the series or want go back here is the jump list:

 

 

 

Share this blog post on social media:

Social Links

Disclaimer

All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.

Copyright ©2016 Andy Barnes - Please do not copy any content including images without prior consent!

Designed and Hosted by Andy Barnes