A customer recently asked me “How do I replace the “external” SSL certificate of vCenter but still use VMCA in default mode?” Ever curious, I asked “Why?”. His security team required that any “externally” facing management web pages needed to have a custom certificate that chained up to the corporate PKI. But behind that, they were totally cool with using VMCA in default mode (with the self-generated root certificate) for things like ESXi servers and solution users.
Tag Archives: SSO
Over the course of the last few months I’ve been working on a pretty massive deployment guide for vCenter Server 6, the result turned into a 100 page guide. Before getting scared off by the size the guide it goes into details for installing and upgrading many different scenarios including new installs and upgrades from the most common configurations.
Today VMware released an update to its vCenter Server management solution.
vCenter Server 5.5 Update 2d | 27 JAN 2015 | Build 2442329
vCenter Server 5.5 Update 2d Installation Package | 27 JAN 2015 | Build 2442328
vCenter Server Appliance 5.5 Update 2d | 27 JAN 2015 | Build 2442330
While this is a minor release it does resolve many issues previously experienced as summarized here:
Today VMware released Update 2 of its vSphere management solution, vCenter Server. In this release there are updates to the supported database versions and many resolved known issues.
- vCenter Server database support: vCenter Server now supports the following external databases:
- Oracle 12c. Important: For pre-requisite requirements, see KB 2079443.
- Microsoft SQL Server 2012 Service Pack 1
- Microsoft SQL Server 2014
- vCloud Hybrid Service: The vCloud Hybrid Service (vCHS) introduces a new container, Hybrid Cloud Service, on the vSphere Web Client home page. The Hybrid Cloud Service container contains the vCHS installer and the new vCloud Connector installer.
- Customer Experience Improvement Program: The vSphere customer experience improvement program is introduced to collect configuration data for vSphere and transmit weekly to VMware for analysis in understanding the usage and improving the product. For more details, see the vSphere Documentation Center.
Today VMware released an update to its virtualization management solution, vCenter Server. The update brings several fixes as documented in the release notes which can be reviewed in full here.
The new versions are as follows:
- vCenter Server 5.5 Update 1b | 12 JUN 2014 | Build 1891313
- vCenter Server 5.5 Update 1b Installation Package | 12 JUN 2014 | Build 1891310
- vCenter Server Appliance 5.5 Update 1b | 12 JUN 2014 | Build 1891314
downloaded now from vmware.com
As hinted throughout most of the day, the vCenter Server 5.5 Update 1 has been publicly released this evening.
vCenter Server 5.5 Update 1 | 11 MAR 2014 | Build 1623101
vCenter Server 5.5 Update 1 Installation Package | 11 MAR 2014 | Build 1623099
vCenter Server Appliance 5.5 Update 1 | 11 MAR 2014 | Build 1624811
- vCloud® Hybrid Service™ vSphere® Client Plug-in, is now available in vSphere Web Client
- vCenter Server is now supported on Windows Server 2012 R2
- This release delivers a number of bug fixes
Full release notes can be found here
Download bits here
Over the last few months, many customers have been testing and familiarizing themselves with vSphere 5.5 however deployment into a production environment is usually stalled until the availability of the first update or service pack. As we are nearing the typical time frame of when such an update or service pack may become available, I wanted to share some findings that may affect your deployment selection of vCenter Single Sign-On when deploying or upgrading to vCenter Server 5.5
During the installation of vCenter Single Sign-On server you are asked on the deployment option of the vCenter Single Sign-On instance. Below is the intended use case for each deployment option.
Many of you have now kicked the tires with vSphere 5.5 either in your home lab or on some servers at work and you’re anxious to get all the new goodies running in your production environment. Perhaps some of you early adopters are already running in full production, but we’re guessing many of you are just contemplating your major upgrade now.
VMware’s Tech Support staff tend to see a surge during the month of March in number of calls to support. But guess what? Many of the issues we’re anticipating are already resolved, and we’ve been busy compiling and documenting solutions to common problems that you can handle yourself.
Those of you installing or upgrading your vSphere hosts, and vCenter Server instances to version 5.5 will find the following KB articles and Support Insider posts of great interest.
While VMware highly recommends the deployment of all vCenter Server components into a single virtual machine (excluding the vCenter Server database), large enterprise customers running multiple vCenter Server instances within a single physical location can simplify the vCenter Single Sign-On architecture and management by reducing the footprint and required resources and specify a dedicated vCenter Single Sign-On environment for all local resources in each physical location.
For vSphere 5.5 the VMware recommendation is to centralize vCenter Single Sign-On when you have 8 or more vCenter Server instances in a given location (this is a soft recommendation).
Centralized vCenter Single Sign-On Architecture
There can be increased risk when centralizing a vCenter Single Sign-On server (to why it is not recommended for smaller environments) due to the increased number of components affected if the vCenter Single-Sign-On server was to become unavailable, in short all vCenter Server components of all vCenter Servers registered will incur authentication loss (when compared to just the single vCenter Server instance when installed locally) and so availability of the vCenter Single Sign-On centralized server(s) is highly recommended. Continue reading
One question that we often get from customers is how to load balance SSO. While we do have documentation and support for setting up Apache to load balance SSO many customers already own a load balancer or do not wish to use Apache.