vCenter Server Heartbeat is the only availability option if vCenter Single
Sign-On runs on a physical server. With either vSphere HA (when vCenter Single
Sign-On runs in a virtual machine) or vCenter Server Heartbeat, this deployment
provides complete protection of the centralized vCenter Single Sign-On
environment.
Geographically dispersed vCenter Servers
If your vSphere deployment includes vCenter Servers in different locations,
it is not advisable to use a remote centralized vCenter Single Sign-On
environment for vCenter Server authentication, because every logon at the
remote site would then depend on the link to the central site. Instead,
provide one or more vCenter Single Sign-On instances at each location.
Depending on the deployment of vCenter Servers at each location, use one of
the availability strategies described above in the options "Single vCenter
Server with local vCenter Single Sign-On in Basic deployment mode" and
"Multiple vCenter Servers in a single location with one vCenter Single
Sign-On server."
vCenter Single Sign-On Components
vCenter Single Sign-On includes the Security Token Service (STS), an administration server, and vCenter
Lookup Service, as well as the VMware Directory Service (vmdir).
The components are deployed as part of installation.
STS (Security Token Service)
The STS issues Security Assertion Markup Language (SAML) tokens, signed with
the STS signing certificate. Each token represents the identity of a user in
one of the identity source types supported by vCenter Single Sign-On. A user
who has logged on through vCenter Single Sign-On presents the token to any
vCenter service that supports vCenter Single Sign-On instead of
authenticating to each service separately, so each such service must check
that a token it receives was signed by the trusted STS, is still within its
validity period, and was issued for that service.
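The checks a relying vCenter service has to apply to an STS-issued SAML token, shown as an added example that is not code from this guide or from VMware: it builds a constructed SAML 2.0 assertion (the STS certificate, issuer URL, audience URL and user name are all made-up placeholders), then validates the signing certificate against a pinned STS thumbprint, the NotBefore/NotOnOrAfter window with a small clock-skew allowance, and the AudienceRestriction. Verification of the XML-DSig signature itself is a separate step that this example does not implement.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
TIME_FMTS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ")
CLOCK_SKEW = timedelta(seconds=60)  # tolerance between STS and relying-party clocks

# Constructed stand-ins for certificates (not real X.509 DER blobs).
STS_CERT_B64 = base64.b64encode(b"constructed STS signing certificate").decode()
ROGUE_CERT_B64 = base64.b64encode(b"constructed certificate of another signer").decode()


def thumbprint(cert_b64):
    """SHA-1 thumbprint of a base64 DER certificate, the form vSphere displays."""
    return hashlib.sha1(base64.b64decode(cert_b64)).hexdigest()


PINNED_STS_THUMBPRINT = thumbprint(STS_CERT_B64)


def make_assertion(subject, audience, not_before, not_on_or_after, cert_b64=STS_CERT_B64):
    """Build a constructed SAML 2.0 assertion carrying the parts a relying party checks."""
    fmt = TIME_FMTS[0]
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}" '
        f'ID="_constructed" Version="2.0" IssueInstant="{not_before.strftime(fmt)}">'
        "<saml:Issuer>https://sso.example.local/sts/STSService/vsphere.local</saml:Issuer>"
        "<ds:Signature><ds:SignedInfo/><ds:SignatureValue>constructed</ds:SignatureValue>"
        f"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></ds:Signature>"
        f"<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>"
        f'<saml:Conditions NotBefore="{not_before.strftime(fmt)}" '
        f'NotOnOrAfter="{not_on_or_after.strftime(fmt)}">'
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions></saml:Assertion>"
    )


class TokenRejected(Exception):
    """Raised when the assertion must not be trusted."""


def _parse_time(value):
    for fmt in TIME_FMTS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            pass
    raise TokenRejected(f"unparseable timestamp: {value!r}")


def validate_assertion(xml_text, expected_audience, pinned_thumbprint, now):
    """Return the asserted subject, or raise TokenRejected.

    Checks: the embedded signing certificate is the pinned STS certificate, the
    validity window contains `now` (with CLOCK_SKEW tolerance), and the token is
    addressed to this service. The XML-DSig signature over the assertion must be
    verified separately (e.g. with an XML signature library) before trusting it.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        raise TokenRejected("not a SAML 2.0 Assertion")
    cert = root.findtext("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
    if cert is None or thumbprint(cert.strip()) != pinned_thumbprint:
        raise TokenRejected("signing certificate is not the pinned STS certificate")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise TokenRejected("no Conditions element")
    not_before = _parse_time(cond.get("NotBefore"))
    not_on_or_after = _parse_time(cond.get("NotOnOrAfter"))  # exclusive upper bound
    if now < not_before - CLOCK_SKEW or now >= not_on_or_after + CLOCK_SKEW:
        raise TokenRejected("outside validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise TokenRejected("token not issued for this audience")
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not subject:
        raise TokenRejected("no subject")
    return subject


def check_assertion(xml_text, expected_audience, now, pinned_thumbprint=PINNED_STS_THUMBPRINT):
    """Non-raising wrapper: (subject, None) on success, (None, reason) on rejection."""
    try:
        return validate_assertion(xml_text, expected_audience, pinned_thumbprint, now), None
    except (TokenRejected, ET.ParseError) as exc:
        return None, str(exc)


# Constructed sample tokens; the audience URL and user are hypothetical.
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
AUDIENCE = "https://vcenter.example.local/sdk"
_SOON = (NOW - timedelta(minutes=1), NOW + timedelta(minutes=5))
GOOD = make_assertion("alice@vsphere.local", AUDIENCE, *_SOON)
EXPIRED = make_assertion("alice@vsphere.local", AUDIENCE, NOW - timedelta(hours=2), NOW - timedelta(hours=1))
WRONG_AUDIENCE = make_assertion("alice@vsphere.local", "https://other.example.local/sdk", *_SOON)
ROGUE_SIGNER = make_assertion("alice@vsphere.local", AUDIENCE, *_SOON, cert_b64=ROGUE_CERT_B64)

if __name__ == "__main__":
    for name, token in (("good", GOOD), ("expired", EXPIRED),
                        ("wrong audience", WRONG_AUDIENCE), ("rogue signer", ROGUE_SIGNER)):
        print(f"{name}: {check_assertion(token, AUDIENCE, NOW)}")
```

The certificate is pinned by thumbprint rather than by issuer name so that a token signed by any other certificate, even one with the same subject, is rejected before its contents are considered; the audience check stops a token issued for one vCenter service from being replayed against another.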
Administration server
The administration server allows users who hold administrator privileges in
vCenter Single Sign-On to configure the vCenter Single Sign-On server and
manage users and groups from the vSphere Web Client. Initially, only the
user administrator@vsphere.local has these privileges.
vCenter Lookup Service
vCenter Lookup Service contains topology information about the vSphere
infrastructure, enabling vSphere components to connect to each other
securely. Unless you are using Simple Install, you are prompted for the
Lookup Service URL when you install other vSphere components. For
example, the Inventory Service and the vCenter Server installers ask for the
Lookup Service URL and then contact the Lookup Service to find vCenter
Single Sign-On. Verify that the Lookup Service certificate the installer
presents matches the one on the vCenter Single Sign-On host before accepting
it, because the component will trust whichever vCenter Single Sign-On that
Lookup Service points it to. After installation, the Inventory Service and
the vCenter Server system are registered in vCenter Lookup Service so that
other vSphere components, like the vSphere Web Client, can find them.
VMware Directory Service
Directory service associated with the vsphere.local domain. This service is a
multi-tenanted, multi-mastered directory service that makes an LDAP
directory available on port 11711. In multisite mode, an update of VMware
Directory Service content in one VMware Directory Service instance results
in the automatic update of the VMware Directory Service instances
associated with all other vCenter Single Sign-On nodes, so a user, group or
policy change made on any node takes effect on every node.
Setting the vCenter Server Administrator User
The way you set the vCenter Server administrator user depends on your vCenter Single Sign-On
deployment.
In vSphere versions before vSphere 5.1, vCenter Server administrators are the users that belong to the local
operating system administrators group.
vSphere Installation and Setup
56
VMware, Inc.