
VMware vSphere Single Sign On 5.1

by on March 12, 2013

A new infrastructure component appears with vSphere 5.1: Single Sign On (SSO). This component is designed to provide SSO across all the vSphere products, particularly in the vCloud Suite. Not all vSphere products use SSO at this moment, but VMware plans to integrate it with all vSphere products.

However, as of version 5.1, vCenter no longer passes the login user authentication request to Active Directory – SSO does this.

If SSO 5.1 is not available, then one cannot log into vCenter 5.1. Plan your 5.1 install or upgrade so that all options are considered for the current or new environment architecture. The install order for new or upgraded 5.1 implementations is SSO, Inventory Service, then vCenter.

Other LDAP sources can be used with SSO. VMware KB 2034918 is an FAQ on Single Sign On that lists the following:

  • SSO can add multiple AD domains, OpenLDAP, and the local operating system where SSO is deployed. It also lets you create local users and groups.
  • SSO now allows VMware vSphere to connect to a non-AD Identity Source, OpenLDAP.
  • SSO supports the SAML 2.0 standard and WS-TRUST, both of which are open industry standards.
  • SSO lets users delegate tasks to solutions that can run as the identity of the user.
  • SSO supports identity delegation for long-lived tasks with the ability to renew tokens.

SSO can be installed on the vCenter server if only one vCenter server exists in the environment. Otherwise install SSO on a separate server. SSO can be installed in an HA configuration, as part of a local SSO cluster, and/or in a multi-site configuration with SSO installed on separate servers, for example in production and DR.

As of this post, there are some items that should be noted prior to an upgrade or new install.

  • The admin@System-Domain user name cannot be changed.
  • If the password for admin@System-Domain is lost, it cannot be changed.
  • The RSA_USER and RSA_DBA database SQL user IDs must use SQL Authentication.
  • The passwords automatically created by the installation script for the RSA_USER and RSA_DBA users cannot be changed. If different passwords are needed, manually create the users before installing SSO.
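
A pre-install check for the two database logins named above, added here as an example and not taken from VMware's installation scripts. It assumes the SSO database is hosted on Microsoft SQL Server and is run by a sysadmin on that instance.

```sql
-- Added example (assumption: Microsoft SQL Server 2008 or later).
-- 1. SQL Authentication only works when the instance runs in mixed mode.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
         WHEN 1 THEN 'FAIL: Windows-only authentication; SQL logins cannot connect'
         ELSE 'OK: mixed mode (SQL Server and Windows authentication)'
       END AS auth_mode_check;

-- 2. Report whether each expected login exists and how it authenticates.
--    type 'S' = SQL login; 'U' / 'G' = Windows user / group.
SELECT e.name AS expected_login,
       CASE
         WHEN p.name IS NULL   THEN 'MISSING: installation script will create it with its own password'
         WHEN p.type <> 'S'    THEN 'FAIL: ' + p.type_desc + ' (must be SQL_LOGIN)'
         WHEN p.is_disabled = 1 THEN 'FAIL: login is disabled'
         ELSE 'OK: SQL login'
       END AS login_check,
       -- Password-policy flags, shown for review of these service accounts.
       l.is_policy_checked,
       l.is_expiration_checked
FROM (VALUES ('RSA_DBA'), ('RSA_USER')) AS e(name)
LEFT JOIN sys.server_principals AS p ON p.name = e.name
LEFT JOIN sys.sql_logins        AS l ON l.principal_id = p.principal_id;
```

A `MISSING` row before installation is expected unless the users were created manually to control their passwords.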

Additional resources are available online for planning and troubleshooting. For the SSO installation, begin with the vSphere 5.1 Installation and Configuration Guide and/or the vSphere 5.1 Upgrade guides.

Or access the online documentation available from VMware for vSphere 5.1.
