vSphere Installation and Setup
vCenter Server Heartbeat is the only solution for availability if vCenter Single Sign-On is on a physical server. With either vSphere HA or vCenter Server Heartbeat, this deployment provides complete protection of the centralized vCenter Single Sign-On environment.

Geographically dispersed vCenter Servers

If your vSphere deployment includes vCenter Servers in different locations, it is not advisable to use a remote centralized vCenter Single Sign-On environment for vCenter Server authentication. Instead, you can provide one or more vCenter Single Sign-On instances at each location. Depending on the deployment of vCenter Servers at each location, you can use one of the same availability strategies described above in the options "Single vCenter Server with local vCenter Single Sign-On in Basic deployment mode" and "Multiple vCenter Servers in a single location with one vCenter Single Sign-On server."

vCenter Single Sign-On Components

vCenter Single Sign-On includes the Security Token Service (STS), an administration server, and vCenter Lookup Service, as well as the VMware Directory Service (vmdir). The components are deployed as part of installation.

STS (Security Token Service)
STS certificates enable a user who has logged on through vCenter Single Sign-On to use any vCenter service that vCenter Single Sign-On supports without authenticating to each one. The STS service issues Security Assertion Markup Language (SAML) tokens. These security tokens represent the identity of a user in one of the identity source types supported by vCenter Single Sign-On.

Administration server
The administration server allows users with administrator privileges to vCenter Single Sign-On to configure the vCenter Single Sign-On server and manage users and groups from the vSphere Web Client. Initially, only the user administrator@vsphere.local has these privileges.

vCenter Lookup Service
vCenter Lookup Service contains topology information about the vSphere infrastructure, enabling vSphere components to connect to each other securely. Unless you are using Simple Install, you are prompted for the Lookup Service URL when you install other vSphere components. For example, the Inventory Service and the vCenter Server installers ask for the Lookup Service URL and then contact the Lookup Service to find vCenter Single Sign-On. After installation, the Inventory Service and vCenter Server system are registered in vCenter Lookup Service so other vSphere components, like the vSphere Web Client, can find them.

VMware Directory Service
Directory service associated with the vsphere.local domain. This service is a multi-tenanted, multi-mastered directory service that makes an LDAP directory available on port 11711. In multisite mode, an update of VMware Directory Service content in one VMware Directory Service instance results in the automatic update of the VMware Directory Service instances associated with all other vCenter Single Sign-On nodes.

Setting the vCenter Server Administrator User

The way you set the vCenter Server administrator user depends on your vCenter Single Sign-On deployment.

In vSphere versions before vSphere 5.1, vCenter Server administrators are the users that belong to the local operating system administrators group.
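The STS description above says the tokens it issues are SAML assertions that carry a user's identity to every vCenter service the user reaches. The script below is an added example, not code from this manual or from VMware: it parses a constructed SAML 2.0 assertion and applies the checks a relying service performs before trusting such a token (expected issuer, expected audience, validity window). The issuer and audience URLs and the timestamps are invented placeholders, and XML signature verification, which a real token consumer must also perform, is left out.

```python
"""Parse a SAML 2.0 assertion of the kind a Security Token Service issues
and check the conditions a relying service verifies before trusting it.

Added example, not code from the vSphere manual or from VMware. The
assertion below is constructed; issuer and audience URLs are placeholders.
Signature verification is intentionally not shown."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real STS token).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://sso.example.invalid/sts</saml:Issuer>
  <saml:Subject>
    <saml:NameID>administrator@vsphere.local</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:30:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://vcenter.example.invalid/sdk</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def parse_time(value):
    """Parse the UTC timestamps SAML uses (YYYY-MM-DDTHH:MM:SSZ)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_assertion(xml_text):
    """Extract issuer, subject, validity window and audiences from an assertion.

    For input received over the network, parse with defusedxml rather than
    the stdlib parser to avoid entity-expansion problems."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS["saml"]:
        raise ValueError("not a SAML 2.0 Assertion element")
    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is None:
        raise ValueError("assertion has no Conditions element")
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=SAML_NS).strip(),
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS).strip(),
        "not_before": parse_time(conditions.get("NotBefore")),
        "not_on_or_after": parse_time(conditions.get("NotOnOrAfter")),
        "audiences": [
            a.text.strip() for a in conditions.findall(
                "saml:AudienceRestriction/saml:Audience", SAML_NS)
        ],
    }


def check_assertion(info, expected_issuer, expected_audience, now):
    """Return the reasons to reject the token; an empty list means accept."""
    problems = []
    if info["issuer"] != expected_issuer:
        problems.append("issuer mismatch")
    if expected_audience not in info["audiences"]:
        problems.append("audience mismatch")
    if now < info["not_before"]:
        problems.append("not yet valid")
    if now >= info["not_on_or_after"]:
        problems.append("expired")
    return problems


if __name__ == "__main__":
    info = parse_assertion(SAMPLE_ASSERTION)
    print(info["subject"], check_assertion(
        info, "https://sso.example.invalid/sts",
        "https://vcenter.example.invalid/sdk",
        parse_time("2024-01-01T12:10:00Z")))
```

The audience check is what stops a token issued for one vCenter service from being replayed against another, and the NotOnOrAfter bound is why clock skew between the STS and the services it serves matters in a multisite deployment.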
VMware, Inc.