
Our team of experts designed NAKIVO Backup & Replication specifically to work with vSphere and ESXi. At NAKIVO, we know VMware inside and out. This blog post is part of a series on VMware administration. The SSO domain is a critical part of any vSphere architecture, providing the mechanism for simplifying and centralizing access control and privilege management across the vSphere family of products. Many choose an SSO domain name with “.local” as a suffix. Another point to remember is that issues can arise if you set the SSO domain to mirror the AD domain name. As already mentioned, SSO provides a token exchange mechanism for authenticating with identity sources such as AD.

The SSO domain is the default identity source of the vSphere environment when no other authentication domain (such as Active Directory) is specified. The SSO administrator, password, SSO domain name, and SSO Site name are configured during installation. The Single Sign-On domain for vSphere is also configured during the deployment of the VCSA appliance. The PSC can be configured as the Embedded Platform Services Controller or as an External Platform Services Controller.

The Platform Services Controller is set up during the configuration of the VCSA appliance. The SSO piece of the vCenter infrastructure is handled by the Platform Services Controller VM when vCenter is installed. This allows for resources across the suite of products to be controlled/granted for a particular user with SSO. SSO authentication also improves the security and agility of the VMware vSphere authentication mechanism by allowing token-based authentication. Another reason SSO is important is that today’s suite of VMware vSphere products integrates with vCenter through the SSO authentication piece. SSO allows not only Active Directory authentication, but also any other Security Assertion Markup Language (SAML) 2.0–based authentication source.


Prior to vSphere 5.1, vSphere authentication was performed either via the local security authority on vCenter server or via Active Directory (AD). However, starting with vSphere 5.1, VMware introduced Single Sign-On or SSO to address the problem of managing multiple ESXi hosts and other vSphere resources with the same user credentials.
