Home > Blogs > VMware vSphere Blog > Tag Archives: vCenter SSO

Tag Archives: vCenter SSO

vCenter Single Sign-On 5.5 – Backwards Compatible?

Part of my role at VMware is to  work closely with our customers and partners, sharing experiences and feedback with internal VMware Product Management and Engineers to help make our products better. One area that has been dominantly more focused than others over the last 12 months has obviously been vCenter Single Sign-On.

Due to this feedback, one of the drivers for the new vCenter Single Sign-On was to provide backwards compatibility and to highlight this, a recent Knowledge Base article released.

Supported vCenter Single Sign-On 5.5 configuration and interoperability with vSphere 5.1 (2059249)

Continue reading

Allow me to introduce you to vCenter Single Sign-On 5.5

With the announcement at VMworld on the upcoming vSphere 5.5 release, one area that I have been greatly involved with (hence why I have been in stealth mode), has been the new and improved vCenter Single Sign-On. You may still say why do we need it? and why change something that wasn’t broke to begin with! but hang in there and let me highlight the changes and the benefits you will see as you begin to look at vCenter Server 5.5.

With the new release, this shows we heard you loud and clear! vCenter Single Sign-On 5.1 at release lacked some expected functionality (limited Active Directory integration), complex to manage (SSL Certificates) as well as lack of guidance on how to best deploy vCenter Single Sign-On. Not to knock the current version with vCenter Server 5.1 Update 1b which is now a very stable platform to build on and guidance available via a recent deployment whitepaper, vCenter Single Sign-On 5.5 builds on these challenges and now provides a rich and fully capable vSphere authentication experience with much of the complexity removed.

Continue reading

Linked mode with SSO for SRM

With the introduction of Single Sign On in vCenter 5.1, it poses a change in behaviour for those of you using linked mode.   This post will outline some of the considerations for why or why not to use linked mode with SSO and SRM in 5.1, and how to install SSO in multi-site mode in order to take advantage of linked mode.

Mostly linked mode is used by customers with Site Recovery Manager for purposes of visibility of both your protected and recovery sites including protection status and looking at the placeholders so you can see what is protected for recovery.  Linked mode also gives easier license sharing between sites, so you can install the same SRM key at both sites and have automated transfer of per-VM usage between sites when migrating or failing-over between sites.

Continue reading

vCenter Single Sign-On – Part 2: Deployment Options

Now you understand what vCenter Single Sign-On (SSO) provides, as you start to design or upgrade to your vSphere 5.1 environment, particular attention needs to be given in the planning stages around the placement and configuration of the SSO server. This will always be the first component to be installed; regardless of fresh install or upgrading from a previous version. The SSO server can be deployed in a number of configurations and I will explain these options and too why you may use each option.

During the installation process you will be presented with the below screen which is a key decision on which deployment method of SSO you would like to deploy. It is very important that you have planned your SSO deployment as changing this configuration later is possible but not an easy achievement. Continue reading

Whats New in vCenter Server 5.1

With the General Availability of the vSphere 5.1 release i wanted to share what that means for vCenter Server 5.1. Some of the highlights of this release are:
The vSphere Web Client: 
Our new, full featured Web Client, provides a platform independent administrative UI.  The browser based client is now the primary client for vSphere administrators in vSphere 5.1.  The vSphere Web Client is built around improved a consistent usability experience, concurrent session performance and designed to scale for an increased number of administrators.  As the new administrative face of the Cloud Infrastructure Suite, the Web Client also offers a rich set of integration points that allows other VMware solutions and 3rd party solutions to integrate seamlessly into one single pane of glass for all VMware administrators.
Ability to view multiple vCenters on the same vSphere Web Client without the need for Linked mode. Search capabilities across all these vCenter instances. Now you can find your VM from thousands spread across multiple vCenter instances. 
vCenter Single Sign On Service:
This newly introduced service enables support for authentication against multiple identity sources at the same time, including Active Directory (AD) and OpenLDAP. Multiple AD domains can be connected to vCenter Sign Sign On. vCenter now supports open identity standards such as SAML 2.0 and WS-TRUST. This also enables Single Sign On between vCloud Director Admin user interface and vSphere Web Client. 
vCenter Inventory Tagging:
vCenter now supports Tagging of its inventory. Tags can be created and assigned to one or more vCenter objects as a grouping mechanism. Objects can be searched using tags as well. If you had always wanted to place the same VM in multiple folders, you can now tag the same VM with multiple tags as a way to organize these VMs any way you want. 
vCenter Performance Optimizations:
Significant performance improvements have been achieved, for example in the area of vCenter’s statistical data. No matter how large your environment is you will no longer encounter performance issues creating, rolling or purging stats, no matter which stats level you choose to use. Stats get rolled up in minutes as opposed to hours irrespective of the granularity or level of rollups. Improvements in database improves the overall performance of vCenter. 
Some useful links: 
Release Notes: 
Download Landing Page: 
Documentation Landing Page: 

Overview Videos:

What’s New In vSphere 5.1 API, vSphere Web Client SDK & vCenter SSO SDK

vSphere 5.1 has been officially released and with all the new features and enhancements of the vSphere platform, there are also new vSphere APIs that are available for administrators, developers and partners to integrate and automate with.

vSphere API

Here is a quick look at just a few of the new vSphere 5.1 APIs:

  • Ability to specify a default Virtual Machine Compatibility (Virtual Hardware Version) at the Datacenter level, which helps guarantee a particular VM compatibility using the ReconfigureDatacenter_Task
  • Enable the new VDS (Virtual Distributed Switch) Health check feature which allows you to quickly determine if you have any miss-configurations in your physical network setup such as incorrect MTU, missing VLAN entries or network adapter teaming using the UpdateDVSHealthCheckConfig_Task
  • Another very cool feature in vSphere 5.1 is the ability to backup and restore your VDS configurations. This can be very useful to have prior to making any changes on your VDS and/or Distributed Portgroups using the new DVSManagerExportEntity_Task and to be able to quickly restore in case a mistake was made by using the new DVSManagerImportEntity_Task

To get the complete list of the new vSphere 5.1 API managed object types, methods and properties, be sure to check out the vSphere 5.1 API Reference Guide which provides a “What’s New” section.

vSphere Web Client SDK

In addition to the new vSphere 5.1 API, we are also introducing the new vSphere Web Client SDK which will allow developers and partners build and extend the new vSphere Web Client user interface. The new vSphere Web Client has been designed from the ground up to have an extensible framework and below is a quick glance at some of the extension points that are available.

Extending vSphere Objects

Extending Sub-Tabs to vSphere Objects

Adding Custom Objects to Inventory

As you can see the new vSphere Web Client is extremely customizable and I am looking forward to seeing all the new plugins from our partners and community!

Download: vSphere Web Client SDK

vCenter Single Sign-On SDK

Finally we also have the new vCenter Single Sign-On SDK which provides support for developing custom client applications leveraging SAML tokens for authentication to the vCenter SSO Server for access. This allows developers to get the same benefit of vCenter SSO with your own custom client applications without having to worry about managing multiple logins.

Download: vSphere Management SDK (includes vCenter SSO SDK)

Get notification of new blog postings and more by following lamw on Twitter:  @lamw