With the introduction of vSphere 5.1, VMware has introduced a new vCenter architecture & SSO ( Single Sign On). This is seems to be the first thing being noticed by customers when deploying vSphere 5.1 as its not exactly what they used to. Prior to vSphere 5.1 all vCenter services were installed at once on a single server without giving you the option of spreading them across multiple servers or not installing certain services. To allow vCenter to scale even further, in vSphere 5.1 you got the option to install four separate services that constitute the vCeter Server 5.1 platform. These are:
• vCenter Single Sign On (SSO)
• vCenter Inventory Service
• vCenter Server
• vSphere Web Client
It is important to understand that you can install all those services on the same machine/VM without any problem, & that what is actually being done if you choose the simple install when installing vCenter. If your environment setup is made of a single vCenter then this simple setup would be more than adequate for your environment, and you have no reason to split these components up. On the other hand, if you have multiple vCenters in your environment and its larger more complex environment then you are better off installing those components on different machines by using their separate installation links for a better scalability.
Another thing to notice is the order recommended you install those component with is a bit different in from scratch installation in comparison with an upgrade. Below is both orders:
Fresh Installation: SSO => vCenter Inventory Service => vCenter => Web Client
Upgrade: SSO => Web Client => vCenter Inventory Service => vCenter
Note: In the upgrade path the Web Client was done early in the process, so you can configure SSO as required early in the process.
vSphere 5.1 has introduced Single Sign On, which it can be confusing at a first glance as all the authentication process has been moved from vCenter to the SSO component this move will have a great advantage for larger environment and future integration. For example, in the future SSO will allow customers with multiple vCenter, vCloud Director, VMware View, vCO and so on to authenticate only once and then access all services that he has permission to access without having to ever type his user name/password again. I can even see it where the same SSO is used to authenticate against public cloud vendors in the future. Though the introduction of SSO has introduced different challenges & a bit of extra knowledge required by the vCenter admin to coupe up with this change. Though we got you covered, the below sources got all the details you need about SSO. Please make sure to look at them before installing/upgrading to vSphere 5.1 to ensure a smooth transition.
Single Pointer to all SSO resources
http://blogs.vmware.com/kb/tag/sso
vCenter 5.1.0a README
http://www.vmware.com/files/pdf/vCenter-Server-510a-README.pdf
Installing Custom SSL Certificates
http://blogs.vmware.com/kb/tag/sso
Last note, Before upgrading your current vSphere environment to 5.1 make sure your certificates have not expired as earlier versions of vSphere did not put as much emphasis on certificates after the initial installation where vSphere 5.1 needs a valid Certificate all the time to function so make sure you update your current certificate before upgrading if your certificate has expired. The last link above has links covering this topic in more details though I thought to give you an early hint as it seems quite common to have an expired certificate into your vSphere environment at the moment.
Hope this of help and value! Leave any tips or experience you had with the new vSphere 5.1 in the comment area below.
3 responses to “VMware vSphere 5.1 new vCenter architecture & Single Sign on”
[…] Article) VMware vCenter 5.1 SSO Installation Error 29133: Administrator login Error (Valco Labs) VMware vSphere 5.1 new vCenter architecture & Single Sign on (Virtualization Team) vCenter SSO 5.1 Install Issues (VMwise) vCenter SSO Config + Multiple Domains […]
[…] VMware vSphere 5.1 new vCenter architecture & Single Sign on […]
With the introduction of vCenter architecture & SSO it really helps user to just single sign in process and then use the services.It will helpful to use all services without having to ever type his user name/password again.Great Work!!