Home » VMware Manuals » Computer Software » VMware VS4-ENT-PL-A » Manual Viewer

VMware VS4-ENT-PL-A Setup Guide - Page 58

Identity Sources for vCenter Server with vCenter Single Sign-On, Types of Identity Sources - client windows

View all VMware VS4-ENT-PL-A manuals

Add to My Manuals
Save this manual to your list of manuals

Page 58 highlights

vSphere Installation and Setup Identity Sources for vCenter Server with vCenter Single Sign-On Identity sources allow you to attach one or more domains to vCenter Single Sign-On. A domain is a repository for users and groups that the vCenter Single Sign-On server can use for user authentication. An identity source is a collection of user and group data. The user and group data is stored in Active Directory, OpenLDAP, or locally to the operating system of the machine where vCenter Single Sign-On is installed. Upon installation, every instance of vCenter Single Sign-On has the Local OS identity source identity source vpshere.local. This identity source is internal to vCenter Single Sign-On. A vCenter Single Sign-On administrator user can create vCenter Single Sign-On users and groups. Types of Identity Sources vCenter Server versions earlier than version 5.1 supported Active Directory and local operating system users as user repositories. As a result, local operating system users could always authenticate to the vCenter Server system. vCenter Server version 5.1 and version 5.5 uses vCenter Single Sign-On for authentication. See the vSphere 5.1 documentation for a list of supported identity sources with vCenter Single Sign-On 5.1. vCenter Single Sign-On 5.5 supports the following types of user repositories as identity sources, but supports only one default identity source. n Active Directory versions 2003 and later. vCenter Single Sign-On allows you to specify a single Active Directory domain as an identity source. The domain can have child domains or be a forest root domain. Shown as Active Directory (Integrated Windows Authentication) in the vSphere Web Client. n Active Directory over LDAP. vCenter Single Sign-On supports multiple Active Directory over LDAP identity sources. This identity source type is included for compatibility with the vCenter Single Sign-On service included with vSphere 5.1. Shown as Active Directory as an LDAP Server in the vSphere Web Client. n OpenLDAP versions 2.4 and later. vCenter Single Sign-On supports multiple OpenLDAP identity sources. Shown as OpenLDAP in the vSphere Web Client. n Local operating system users. Local operating system users are local to the operating system where the vCenter Single Sign-On server is running. The local operating system identity source exists only in basic vCenter Single Sign-On server deployments and is not available in deployments with multiple vCenter Single Sign-On instances. Only one local operating system identity source is allowed. Shown as localos in the vSphere Web Client. n vCenter Single Sign-On system users. Exactly one system identity source named vsphere.local is created when you install vCenter Single Sign-On. Shown as vsphere.local in the vSphere Web Client. NOTE At any time, only one default domain exists. If a user from a non-default domain logs in, that user must add the domain name (DOMAIN\user) to authenticate successfully. vCenter Single Sign-On identity sources are managed by vCenter Single Sign-On administrator users. You can add identity sources to a vCenter Single Sign-On server instance. Remote identity sources are limited to Active Directory and OpenLDAP server implementations. For more information about vCenter Single Sign-On, see vSphere Security. Login Behavior When a user logs in to a vCenter Server system from the vSphere Web Client, the login behavior depends on whether the user is in the default domain. n Users who are in the default domain can log in with their user name and password. 58 VMware, Inc.

Section	Page
vSphere Installation and Setup	1
Contents	3
About vSphere Installation and Setup	7
Updated Information	9
Introduction to vSphere Installation and Setup	11
Overview of the vSphere Installation and Setup Process	11
System Requirements	13
ESXi Hardware Requirements	13
Recommendation for Enhanced ESXi Performance	15
Hardware Requirements for vCenter Server, the vSphere Web Client , vCenter Inventory Service, and vCenter Single Sign-On	17
vCenter Server Software Requirements	22
vSphere Web Client Software Requirements	22
Providing Sufficient Space for System Logging	23
Required Ports for vCenter Server	23
Required Ports for the vCenter Server Appliance	25
Conflict Between vCenter Server and IIS for Port 80	26
DNS Requirements for vSphere	26
Supported Remote Management Server Models and Minimum Firmware Versions	27
Before You Install vCenter Server	29
Preparing vCenter Server Databases	30
vCenter Server Database Configuration Notes	30
Create a 64-Bit DSN	31
Confirm That vCenter Server Can Communicate with the Local Database	31
Maintaining a vCenter Server Database	32
Configure Microsoft SQL Server Databases	32
Create a SQL Server Database and User for vCenter Server	33
Set Database Permissions By Manually Creating Database Roles and the VMW Schema	34
Set Database Permissions by Using the dbo Schema and the db_owner Database Role	35
Use a Script to Create a vCenter Server User by Using the dbo Schema and db_owner Database Role	35
Use a Script to Create a Microsoft SQL Server Database Schema and Roles	36
Use a Script to Create Microsoft SQL Server Database Objects Manually	37
Configure a SQL Server ODBC Connection	40
Configure Microsoft SQL Server TCP/IP for JDBC	41
Configure a Microsoft SQL Server Database User to Enable Database Monitoring	42
Configure Oracle Databases	42
Configure an Oracle Database User	43
Use a Script to Create a Local or Remote Oracle Database	44
Use a Script to Create the Oracle Database Schema	44
Configure an Oracle Connection for Local Access	46
Configure an Oracle Database Connection for Remote Access	46
Connect to an Oracle Database Locally	47
Configure an Oracle Database User to Enable Database Monitoring	48
Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server	49
How vCenter Single Sign-On Affects vCenter Server Installation	51
vCenter Single Sign-On Deployment Modes	52
vCenter Single Sign-On and High Availability	54
vCenter Single Sign-On Components	56
Setting the vCenter Server Administrator User	56
Authenticating to the vCenter Server Environment	57
How vCenter Single Sign-On Affects Log In Behavior	57
Identity Sources for vCenter Server with vCenter Single Sign-On	58
Synchronizing Clocks on the vSphere Network	59
Synchronize ESX and ESXi Clocks with a Network Time Server	59
Synchronize the vCenter Server Appliance Clock with an NTP Server	60
Configure a Windows NTP Client for Network Clock Synchronization	60
Download the vCenter Server Installer	61
Using a User Account for Running vCenter Server	61
Installing vCenter Server on IPv6 Machines	61
JDBC URL Formats for the vCenter Server Database	62
Running the vCenter Server Installer from a Network Drive	63
Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere Web Client	63
Download the vCenter Server Installer	68
Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server Installation or Upgrade to Fail	69
Installing vCenter Server	71
vCenter Server Installation and Sign-In Process	71
vCenter Server Components and Support Tools	74
Download the vCenter Server Installer	75
Install vCenter Single Sign-On, the vSphere Web Client , vCenter Inventory Service, and vCenter Server by Using Simple Install	75
Install vCenter Single Sign-On, the vSphere Web Client, and vCenter Inventory Service as Part of a vCenter Server Simple Install	76
Install vCenter Server as Part of a Simple Install	77
Use Custom Install to Install vCenter Server and Required Components	78
Install the First or Only vCenter Single Sign-On Instance in a vCenter Server Deployment	79
Install an Additional vCenter Single Sign-On Node at an Existing Site	80
Install an Additional vCenter Single Sign-On Node at a New Site	81
Install or Upgrade the vSphere Web Client	82
Install vCenter Inventory Service Separately by Using Custom Install	83
Install vCenter Server as Part of a Custom Install	85
Add a vCenter Single Sign-On Identity Source	87
Active Directory Identity Source Settings	88
Active Directory LDAP Server and OpenLDAP Server Identity Source Settings	89
Assign Permissions in the vSphere Web Client	89
Hierarchical Inheritance of Permissions	90
Install or Upgrade vCenter Server Java Components Separately	92
Install or Upgrade vCenter Server tc Server Separately	93
vCenter Single Sign-On Installation Fails	93
Download and Deploy the VMware vCenter Server Appliance	94
Create a Custom Password on the First Boot for the vCenter Server Appliance	96
Configure a vCenter Server Appliance to Use the vCenter Single Sign-On of a Different Virtual Machine	97
Format for the vCenter Server Appliance Configuration File	98
After You Install vCenter Server	101
Install vCenter Server Components and Support Tools	102
Install the Client Integration Plug-In in the vSphere Web Client	102
Install or Upgrade the vSphere Web Client	103
Install a Local Copy of vSphere Web Client Help	104
Install the Update Manager Server	105
Install or Upgrade vSphere ESXi Dump Collector	106
Install or Upgrade vSphere Syslog Collector	108
Install or Upgrade vSphere Auto Deploy	109
Install or Upgrade VMware vSphere Authentication Proxy	110
Uninstall VMware vSphere Components	111
Creating vCenter Server Linked Mode Groups	111
Linked Mode Considerations for vCenter Server	112
Linked Mode Prerequisites for vCenter Server	113
Joining a Linked Mode Group During and After Installation	113
Join a Linked Mode Group After Installation	114
Isolate a vCenter Server Instance from a Linked Mode Group	115
Set the IP Address for a Linked Mode vCenter Server with Multiple Network Interfaces	115
Linked Mode Troubleshooting	116
Configure Firewall Access by Opening Selected Ports	116
Configuring VMware vCenter Server - tc Server Settings in vCenter Server	116
VMware vCenter Management Webservices Service Fails to Start	118
Back Up the Inventory Service Database on Windows	118
Restore an Inventory Service Database Backup on Windows	118
Back Up the Inventory Service Database on Linux	119
Restore an Inventory Service Database Backup on Linux	119
Reset the vCenter Inventory Service Database	120
Enable IPv6 Support for vCenter Inventory Service	121
Before You Install ESXi	123
Options for Installing ESXi	123
Interactive ESXi Installation	123
Scripted ESXi Installation	123
Auto Deploy ESXi Installation	124
Customizing Installations with ESXi Image Builder CLI	124
About ESXi Evaluation and Licensed Modes	124
Media Options for Booting the ESXi Installer	125
Download and Burn the ESXi Installer ISO Image to a CD or DVD	125
Format a USB Flash Drive to Boot the ESXi Installation or Upgrade	125
Create a USB Flash Drive to Store the ESXi Installation Script or Upgrade Script	127
Create an Installer ISO Image with a Custom Installation or Upgrade Script	128
PXE Booting the ESXi Installer	129
About the TFTP Server, PXELINUX, and gPXE	129
Sample DHCP Configuration	130
About PXE Configuration Files	132
PXE Boot the ESXi Installer by Using PXELINUX and a PXE Configuration File	132
PXE Boot the ESXi Installer by Using PXELINUX and an isolinux.cfg PXE Configuration File	133
PXE Boot the ESXi Installer Using gPXE	135
Installing and Booting ESXi with Software FCoE	136
Using Remote Management Applications	136
Required Information for ESXi Installation	136
Installing ESXi	139
Installing ESXi Interactively	139
Install ESXi Interactively	139
Install ESXi on a Software iSCSI Disk	141
Installing, Upgrading, or Migrating Hosts Using a Script	142
Approaches for Scripted Installation	142
Enter Boot Options to Start an Installation or Upgrade Script	142
Boot Options	143
About Installation and Upgrade Scripts	144
About the Default ks.cfg Installation Script	144
Locations Supported for the Installation Script	145
Path to the Installation or Upgrade Script	145
Installation and Upgrade Script Commands	145
Differences Between ESXi 4.x and ESXi 5.x Scripted Installation and Upgrade Commands	153
Disk Device Names	154
About the boot.cfg File	154
Install, Upgrade, or Migrate ESXi from a CD or DVD Using a Script	155
Install, Upgrade, or Migrate ESXi from a USB Flash Drive Using a Script	156
Performing a Scripted Installation or Upgrade of ESXi by PXE Booting the Installer	157
Installing ESXi Using vSphere Auto Deploy	157
Understanding vSphere Auto Deploy	157
Introduction to Auto Deploy	157
Rules and Rule Sets	159
Auto Deploy Boot Process	160
Auto Deploy Roadmap and Cmdlet Overview	164
Auto Deploy Roadmap	164
Auto Deploy PowerCLI Cmdlet Overview	165
Preparing for vSphere Auto Deploy	167
Prepare Your System and Install the Auto Deploy Server	167
Install PowerCLI and Prerequisite Software	170
Using Auto Deploy Cmdlets	170
Set Up Bulk Licensing	171
Managing Auto Deploy with PowerCLI Cmdlets	173
Assign an Image Profile to Hosts	173
Assign a Host Profile to Hosts	174
Assign a Host to a Folder or Cluster	175
Test and Repair Rule Compliance	176
Provisioning ESXi Systems with vSphere Auto Deploy	177
Provision a Host (First Boot)	177
Reprovisioning Hosts	178
Reprovision Hosts with Simple Reboot Operations	178
Reprovision a Host with a New Image Profile	179
Update the Host Customization in the vSphere Web Client	180
Using Auto Deploy for Stateless Caching and Stateful Installs	180
Introduction	181
Understanding Stateless Caching and Stateful Installs	182
Set Up Stateless Hosts to Use Auto Deploy with Caching	184
Prepare for Auto Deploy with Stateless Caching	184
Configure a Host Profile to Use Stateless Caching	185
Enable Stateful Installs for Hosts Provisioned with Auto Deploy	186
Prepare Hosts Provisioned with Auto Deploy for Stateful Installs	186
Configure a Host Profile to Enable Stateful Installs	186
Setting Up an Auto Deploy Reference Host	187
Understanding Reference Host Setup	188
Configuring an Auto Deploy Reference Host	189
Configure ESXi Dump Collector with ESXCLI	189
Configure Host Profiles for an Auto Deploy Reference Host with the vSphere Web Client	190
Set Up ESXi Dump Collector from the Host Profiles Interface in the vSphere Web Client	191
Set Up Syslog from the Host Profiles Interface in the vSphere Web Client	192
Set Up Networking for Your Auto Deploy Host in the vSphere Web Client	193
Consider and Implement Your Partitioning Stategy	193
Advanced Management Tasks	194
Reregister Auto Deploy	194
Set Up Host Profiles for Static IP Addresses in the vSphere Web Client	194
Using Auto Deploy with the VMware vCenter Server Appliance	195
Set Up the vCenter Server Appliance to Use a Standalone Auto Deploy Server	196
Set Up Auto Deploy on the vCenter Server Appliance	196
Host Customization in the vSphere Web Client	197
Auto Deploy Best Practices and Security Consideration	200
Auto Deploy Best Practices	200
Set up a Highly Available Auto Deploy Infrastructure	204
Auto Deploy Security Considerations	205
Troubleshooting Auto Deploy	205
Auto Deploy TFTP Timeout Error at Boot Time	205
Auto Deploy Host Boots with Wrong Configuration	205
Host Is Not Redirected to Auto Deploy Server	206
Auto Deploy Host with a Built-In USB Flash Drive Does Not Send Coredumps to Local Disk	206
Package Warning Message When You Assign an Image Profile to Auto Deploy Host	207
Auto Deploy Host Reboots After Five Minutes	207
Auto Deploy Host Does Not Network Boot	208
Auto Deploy Host Does Not Get a DHCP Assigned Address	208
Auto Deploy Host Cannot Contact TFTP Server	209
Auto Deploy Host Cannot Retrieve ESXi Image from Auto Deploy Server	209
Recovering from Database Corruption on the Auto Deploy Server	210
Problems if You Upgrade vCenter Server But Do Not Upgrade Auto Deploy Server	211
Auto Deploy Proof of Concept Setup	212
Proof of Concept Preinstallation Checklist	212
Install the TFTP Server	213
Install and Set Up vSphere PowerCLI	213
Prepare Auto Deploy Target Hosts	214
Prepare the DHCP Server	215
Prepare the DNS Server	216
Install Auto Deploy Server Software	217
Configure the Auto Deploy and TFTP Environment in the vSphere Web Client	218
Prepare the ESXi Software Depot	219
Set Up the First Host and Provision with Auto Deploy	220
Write Rules for the First Host	220
Provision the First Host	221
Configure the Proof of Concept Reference Host	222
Create and Apply a Host Profile with the vSphere Web Client	223
Create a Rule for Other Target Hosts	223
Provision All Hosts and Set Up Host Customizations	225
Using vSphere ESXi Image Builder CLI	225
Understanding Image Builder	226
Image Builder Overview	226
Software Depots and Their Components	227
Image Builder PowerCLI Overview	227
Image Profiles	228
Acceptance Levels	229
Structure of ImageProfile, SoftwarePackage, and ImageProfileDiff Objects	230
Image Builder Installation and Usage	233
Install Image Builder PowerCLI and Prerequisite Software	233
Using Image Builder Cmdlets	234
Image Builder Common Tasks	235
Create an Image Profile	235
Add VIBs to an Image Profile	236
Export an Image Profile to ISO or Offline Bundle ZIP	237
Preserve Image Profiles Across Sessions	238
Working with Acceptance Levels	239
Change the Host Acceptance Level	240
Set the Image Profile Acceptance Level	241
Image Builder Workflows	242
Examining Depot Contents	242
Creating Image Profiles by Cloning Workflow	243
Creating Image Profiles from Scratch Workflow	244
Editing Image Profiles Workflow	245
Setting Up ESXi	247
ESXi Autoconfiguration	248
About the Direct Console ESXi Interface	248
Configure the Keyboard Layout for the Direct Console	248
Create a Security Banner for the Direct Console	249
Redirecting the Direct Console to a Serial Port	249
Redirect the Direct Console to a Serial Port by Setting the Boot Options Manually	249
Redirect the Direct Console to a Serial Port from the vSphere Web Client	250
Redirect the Direct Console to a Serial Port in a Host Deployed with Auto Deploy	250
Set the Password for the Administrator Account	251
Configuring the BIOS Boot Settings	251
Change the BIOS Boot Setting for ESXi	251
Configure the Boot Setting for Virtual Media	252
Host Fails to Boot After You Install ESXi in UEFI Mode	252
Network Access to Your ESXi Host	253
Configure the Network Settings on a Host That Is Not Attached to the Network	253
Managing ESXi Remotely	254
Configuring Network Settings	254
Choose Network Adapters for the Management Network	254
Set the VLAN ID	255
Configuring IP Settings for ESXi	255
Configure IP Settings from the Direct Console	255
Configure IP Settings from the vSphere Web Client	255
Configuring DNS for ESXi	256
Configure DNS Settings from the Direct Console	256
Configure DNS Suffixes	256
Test the Management Network	256
Restart the Management Agents	257
Restart the Management Network	257
Disable the Management Network	257
Restoring the Standard Switch	258
Test Connectivity to Devices and Networks	258
Storage Behavior	258
About the Scratch Partition	260
Set the Scratch Partition from the vSphere Web Client	260
Host Stops Unexpectedly at Bootup When Sharing a Boot Disk with Another Host	261
View System Logs	261
Configure Syslog on ESXi Hosts	262
Enable Lockdown Mode Using the Direct Console	263
Enable Lockdown Mode Using the vSphere Web Client	263
Enable ESXi Shell and SSH Access with the Direct Console User Interface	264
Set the Host Image Profile Acceptance Level	264
Reset the System Configuration	265
Remove All Custom Packages on ESXi	266
Disable Support for Non-ASCII Characters in Virtual Machine File and Directory Names	266
Disable ESXi	266
After You Install and Set Up ESXi	267
Managing the ESXi Host with the vSphere Web Client	267
Licensing ESXi Hosts	267
About ESXi Evaluation and Licensed Modes	267
Recording the ESXi License Key	268
Access the ESXi License Key from the Direct Console	268
Access the ESXi License Key from the vSphere Web Client	268

Match case Limit results 1 per page

Identity Sources for vCenter Server with vCenter Single Sign-On

Identity sources allow you to attach one or more domains to vCenter Single Sign-On. A domain is a

repository for users and groups that the vCenter Single Sign-On server can use for user authentication.

An identity source is a collection of user and group data. The user and group data is stored in Active

Directory, OpenLDAP, or locally to the operating system of the machine where vCenter Single Sign-On is

installed. Upon installation, every instance of vCenter Single Sign-On has the Local OS identity source

identity source vpshere.local. This identity source is internal to vCenter Single Sign-On.

A vCenter Single Sign-On administrator user can create vCenter Single Sign-On users and groups.

Types of Identity Sources

vCenter Server versions earlier than version 5.1 supported Active Directory and local operating system

users as user repositories. As a result, local operating system users could always authenticate to the

vCenter Server system. vCenter Server version 5.1 and version 5.5 uses vCenter Single Sign-On for

authentication. See the vSphere 5.1 documentation for a list of supported identity sources with vCenter

Single Sign-On 5.1. vCenter Single Sign-On 5.5 supports the following types of user repositories as identity

sources, but supports only one default identity source.

Active Directory versions 2003 and later. vCenter Single Sign-On allows you to specify a single Active

Directory domain as an identity source. The domain can have child domains or be a forest root domain.

Shown as

Active Directory (Integrated Windows Authentication)

in the vSphere Web Client.

Active Directory over LDAP. vCenter Single Sign-On supports multiple Active Directory over LDAP

identity sources. This identity source type is included for compatibility with the vCenter Single Sign-On

service included with vSphere 5.1. Shown as

Active Directory as an LDAP Server

in the vSphere Web

Client.

OpenLDAP versions 2.4 and later. vCenter Single Sign-On supports multiple OpenLDAP identity

sources. Shown as

OpenLDAP

in the vSphere Web Client.

Local operating system users. Local operating system users are local to the operating system where the

vCenter Single Sign-On server is running. The local operating system identity source exists only in basic

vCenter Single Sign-On server deployments and is not available in deployments with multiple vCenter

Single Sign-On instances. Only one local operating system identity source is allowed. Shown as

localos

in the vSphere Web Client.

vCenter Single Sign-On system users. Exactly one system identity source named vsphere.local is created

when you install vCenter Single Sign-On. Shown as

vsphere.local

in the vSphere Web Client.

OTE

At any time, only one default domain exists. If a user from a non-default domain logs in, that user

must add the domain name (

DOMAIN

user

) to authenticate successfully.

vCenter Single Sign-On identity sources are managed by vCenter Single Sign-On administrator users.

You can add identity sources to a vCenter Single Sign-On server instance. Remote identity sources are

limited to Active Directory and OpenLDAP server implementations.

For more information about vCenter Single Sign-On, see

vSphere Security

When a user logs in to a vCenter Server system from the vSphere Web Client, the login behavior depends on

whether the user is in the default domain.

Users who are in the default domain can log in with their user name and password.

vSphere Installation and Setup

VMware, Inc.