Welcome to Wildcard IT Training. This workshop is titled “Installing vCenter Single Sign-On”.
The objectives of this workshop are listed on the right.
Press the 'Continue' button below to begin.
In the last workshop, we began the installation of Windows Server 2012 R2 on our virtual machine named ‘vCenter’.
We are now connected to this virtual machine and have joined it to the WildcardIT.net domain. We will now walk through the process of installing the VMware vCenter components before logging into vCenter for the first time.
We can see the D Drive of this server contains the VMware VIM DVD. This is an ISO image that is mounted from the vSphere Client. It contains the installation files for the vCenter components.
Double-click on this to launch the installation wizard.
The VMware vCenter Installer launches.
vCenter is comprised of four components: vCenter Single Sign-On, vSphere Web Client, vCenter Inventory Service and finally vCenter Server.
It is possible to complete a ‘Simple Install’ where all components are installed on the same server with little input required. However, we will perform a ‘Custom Install’ so as to talk through each component individually.
Click ‘Custom Install’ to show the process overview.
Installing the four components individually allows us to control the location and configuration of each component. For example, we can install vCenter Single Sign-On (SSO) on a separate server from the vSphere Web Client.
We will install all components on the virtual machine named vCenter.
In this chapter, we will install vCenter Single Sign-On – also known as SSO.
Click ‘vCenter Single Sign-On’ to begin.
Before we begin, let’s ensure we understand what VMware vCenter Single Sign-On is.
SSO was introduced with vSphere 5.1 and allows us to provide secure access to our vSphere solutions. When we sign in, our authentication details are passed to the vCenter Single Sign-On server, which we can configure with multiple identity sources such as OpenLDAP or Active Directory.
These credentials are then exchanged for a security token which is used to grant, or deny, access to vSphere components depending on the permissions defined.
SSO is a prerequisite for the vSphere Web Client, the vCenter Inventory Service and the vCenter Server.
Click ‘Install’ to begin.
The vCenter Single Sign-On Setup wizard begins.
It is critical that we install the vCenter components in the correct order: first Single Sign-On, then the Web Client, the Inventory Service and finally vCenter Server.
Click ‘Next’ to start the installation process.
In the real world, we should fully read and understand the licence agreement.
Tick the box to accept the terms.
Click ‘Next’ to perform a prerequisites check.
The Single Sign-On Prerequisites Check runs with the result shown.
Our hostname is vCenter and our fully qualified domain name is vCenter.WildcardIT.net. This is because this server is joined to the WildcardIT.net domain.
DNS resolution is also successful.
Notice the checkbox named ‘Add WildcardIT.net as a native Active Directory identity source’. As we learned earlier, Single Sign-On allows us to specify multiple identity sources against which credentials are checked. Leaving this box ticked automatically adds our WildcardIT.net domain as such a source.
Click ‘Next’ to begin.
We have three choices regarding the type of Single Sign-On server we wish to install.
A High Availability deployment allows us to create multiple instances of vCenter Single Sign-On. One of these instances is defined as the primary instance with the remainder as slaves. These instances all share the same database and are placed behind a load balancer. If the primary instance of SSO were to fail, one of the slaves would be elected to become the new primary instance, providing little or no downtime for SSO.
A Multisite Deployment is where replicas of the primary vCenter Single Sign-On instance are maintained at remote sites. These remote sites also provide authentication for local vCenters.
We will install a Standalone vCenter Single Sign-On solution. Click ‘Next’.
Although we have specified WildcardIT.net to be an identity source for SSO, the domain vSphere.local is the default identity source. Before we configure any other source, we can only log into our vCenter Server using the vSphere.local domain credentials. This domain only exists in the context of vCenter.
We must therefore create the Administrator password for this domain. This password should be complex as this account provides full administrator access to the vCenter server. Enter and confirm the password as:
Press ‘Next’ to continue.
Leave the site name as ‘Default-First-Site’ and press ‘Next’.
We must choose which port should be used for SSO to provide secure communications.
In this case, we can leave 7444; however, we should be aware that, depending on our network topology, further work may be required to ensure this port is open on any firewalls that will be traversed.
Whilst it is possible to change the location of the vCenter Single Sign-On installation, we will leave this in the default location.
Before we confirm the installation, we are given a chance to review our selections.
We will be creating a new installation with this server the first to be configured in the domain.
The domain name is vSphere.local. Remember, this is the default and is not linked to our Active Directory domain name.
We have chosen HTTPS port 7444 and selected the Default-First-Site.
Press ‘Install’ to begin the installation process of VMware vCenter Single Sign-On (SSO).
The installation process has completed successfully.
We have now completed the installation of vCenter Single Sign-On (SSO).
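The DNS prerequisites check and the HTTPS port choice made earlier can be re-verified once the service is running. The PowerShell below is an added example, not part of the workshop or the VMware installer; it assumes the workshop's FQDN and port 7444, that it is run from a machine that needs to reach SSO, and that the service accepts a TLS version the client offers.

```powershell
# Added example: verify name resolution and the SSO HTTPS port after installation.
# The FQDN and port are the values used in this workshop.
$Fqdn = 'vCenter.WildcardIT.net'
$Port = 7444

# 1. Forward lookup: the FQDN must resolve to at least one IPv4 address.
$addresses = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
    Where-Object { $_.IPAddress } | Select-Object -ExpandProperty IPAddress)
Write-Output "Forward: $Fqdn -> $($addresses -join ', ')"

# 2. Reverse lookup: each address should map back to the same FQDN.
foreach ($ip in $addresses) {
    $ptr = Resolve-DnsName -Name $ip -Type PTR -ErrorAction SilentlyContinue |
        Where-Object { $_.NameHost } | Select-Object -First 1
    $ok = [bool]($ptr -and ($ptr.NameHost -ieq $Fqdn))
    Write-Output "Reverse: $ip -> $($ptr.NameHost) (matches FQDN: $ok)"
}

# 3. Port check: a failure here while DNS works points at a firewall
#    in the path or at a service that is not listening.
$tcp = Test-NetConnection -ComputerName $Fqdn -Port $Port -WarningAction SilentlyContinue
Write-Output "TCP $Port reachable: $($tcp.TcpTestSucceeded)"

# 4. Read the certificate the service presents so its subject, issuer and
#    expiry can be reviewed. The callback accepts any certificate because
#    no data is sent over the stream; this is inspection only.
if ($tcp.TcpTestSucceeded) {
    $client = New-Object System.Net.Sockets.TcpClient($Fqdn, $Port)
    try {
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Fqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        Write-Output "Subject : $($cert.Subject)"
        Write-Output "Issuer  : $($cert.Issuer)"
        Write-Output "Expires : $($cert.NotAfter)"
        Write-Output "Protocol: $($ssl.SslProtocol)"
    }
    finally {
        $client.Close()
    }
}
```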
In the next Wildcard Workshop, we install the vSphere Web Client.
Press ‘Continue’ to review the objectives of this Workshop.
In this Workshop, we learned vCenter is comprised of four components which must be installed in the correct order.
We learned that the Single Sign-On component allows us to create multiple identity sources which can be used to grant or deny access to other vCenter components.
We created a password for the Administrator account of the vSphere.local domain, which is the default authentication domain.
Finally, we installed VMware vCenter Single Sign-On.
This completes the objectives of this Workshop. To continue to the next Workshop, installing vCenter Web Client, click ‘Next Workshop’ at the top of this screen.
Installing vCenter Single Sign-On
Components of vCenter
What is Single Sign-On (SSO)
Purpose of vSphere.local domain
Create Administrator Password
Install vCenter Single Sign-On