What is new in VMware Single Sign-On 2.0

This post is part of a series of blogpostings on VMworld 2013 announcements. See here for a complete overview of all announcements.

VMware introduced Single Sign-on (SSO) with VMware vSphere 5.1. The product promised single sign on to a range of VMware solutions. Basically it sat between the vSphere client and an authentication source like Microsoft Active Directory or an LDAP server.

However, SSO has a lot of technical issues. It was a requirement to install, even in very small infrastructures. The software

vCenter Single sign-on 5.5  

The installation has been drastically improved. SSO was introduced in vSphere 5.1.

SSO is a standalone component which is not tied to vCenter Server. Vmware solution like the vCloud Suite, view and vCO are using SSO. SSO in 5.1 was an OEM-product. Ij 5.5 Vmware decided to built SSO from the ground up al in house. They team who built SSO 5.5 fixed a lot of the challenges custoimers had with the SSP 5.1

Improved architecture:
multi-master, built in replication and site awareness

There is no database anymore. Data is stored and replicated in a different model. It is now an embeded LDAP store.

Onde deployment model for all scenarios.

Diagnostics and troubleshooting tools

Vmware recommends to install all components in a single VM and use the simple install when installing vCenter Server. Sso scales to 1000 hosts and 10,000 vms’

A single SSO authentication domain can be spread over multiple sites. This does not mean that if a SSO instance in a particular site is lost, authentication will be done by other sites. You will need to make SSO in each site highly available by vCenter HA or vCenter Heartbeat

Make sure the VC administrator is set to administrator@vsphere.local. Do not set the Vc administrator to be a local OS account!  This replaces admin@systemdomain

In SSO 5.1 Vmware treated Active Directory as a LDAP server. In SSO 5.5 native Active Directroy is used. Customers are strongly advised to use native Active Directory. AD as an LDAP server is still supported in 5.5 for backwards compatibility but not likely to be supported in post 5.5 releases.

There will be an updates certificate automation tool


About Marcel van den Berg
I am a technical consultant with a strong focus on server virtualization, desktop virtualization, cloud computing and business continuity/disaster recovery.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: