Deploying SSO for the vCenter Linked Mode
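For two vCenter Servers to be in Linked Mode, they should share the same SSO security domain. This is achieved by using two available SSO deployment modes:
- vCenter Single Sign-On for an additional vCenter Server in an existing site
- vCenter Single Sign-On for an additional vCenter Server with a new site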
These options are only made available when you start the SSO installer separately. The SSO installer initiated during the Simple Install doesn't expose these options for an obvious reason—that is, to keep the installation simple.
Getting ready
Before you begin the SSO installation, you need to do the following:
- Decide on the deployment mode based on how your environment is designed.
- Make sure that you have static IP addresses assigned and DNS entries created for the SSO VMs. The forward/reverse lookup of the FQDNs should also be verified.
- Make sure that SSO VMs are joined to the domain.
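One way to script the forward/reverse lookup check from the list above, as an added example that is not part of the original recipe. The host names and addresses are constructed placeholders and the function names are hypothetical; the check confirms that each SSO FQDN resolves only to its assigned static IP and that the PTR record for that IP points back to the same FQDN.

```python
import socket

# Constructed inventory: SSO FQDN -> assigned static IP (replace with your own).
SSO_HOSTS = {"sso01.example.local": "192.0.2.10",
             "sso02.example.local": "192.0.2.11"}

def forward_lookup(fqdn):
    """Return the set of IPv4 addresses the FQDN resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(fqdn, None, socket.AF_INET)}

def reverse_lookup(ip):
    """Return the primary PTR name for an IP address."""
    return socket.gethostbyaddr(ip)[0]

def check_host(fqdn, expected_ip, forward=forward_lookup, reverse=reverse_lookup):
    """Return a list of problems; an empty list means forward and reverse agree."""
    try:
        ips = set(forward(fqdn))
    except OSError as exc:  # gaierror is a subclass of OSError
        return [f"{fqdn}: forward lookup failed ({exc})"]
    problems = []
    if ips != {expected_ip}:
        problems.append(f"{fqdn}: resolves to {sorted(ips)}, expected {expected_ip}")
    # Check the PTR of every address involved, including a stale or extra A record.
    for ip in sorted(ips | {expected_ip}):
        try:
            name = reverse(ip)
        except OSError as exc:  # herror is a subclass of OSError
            problems.append(f"{ip}: reverse lookup failed ({exc})")
            continue
        # DNS names are case-insensitive and may carry a trailing dot.
        if name.rstrip(".").lower() != fqdn.rstrip(".").lower():
            problems.append(f"{ip}: PTR is {name}, expected {fqdn}")
    return problems

def check_all(hosts, forward=forward_lookup, reverse=reverse_lookup):
    """Run check_host over the whole inventory."""
    return {fqdn: check_host(fqdn, ip, forward, reverse) for fqdn, ip in hosts.items()}

if __name__ == "__main__":
    for fqdn, problems in check_all(SSO_HOSTS).items():
        print(fqdn, "OK" if not problems else "; ".join(problems))
```

Run it from the machine that will host the installer, so the result reflects the resolver configuration that the SSO installation will actually use.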
How to do it…
The following procedure will guide you through the steps required to deploy an SSO server in a way that enables support for the vCenter Linked Mode:
- Start the vCenter Single Sign-On individual installer and click on Next to continue.
- Accept the license agreement and click on Next to continue.
- Review the prerequisites, check the results, and click on Next to continue:
- Choose a deployment mode and click on Next to continue:
- Enter the partner hostname, which is the IP address/FQDN of an existing SSO server. Also, supply the administrator's password for the SSO domain vsphere.local. Click on Next to continue:
- The next screen will prompt you to confirm that you accept the partner SSO server's certificate. Click on Continue to proceed:
- The inputs prompted on the next screen will depend on the SSO deployment mode selected.
It will prompt you to supply a new site name if the selected deployment mode is vCenter Single Sign-On for an additional vCenter Server with a new site:
The wizard will ask for a site to join if you opted for the deployment mode to be vCenter Single Sign-On for an additional vCenter Server in an existing site:
- On the Single Sign-On port settings screen, you can change the default port if necessary; otherwise, click on Next to continue with the default port.
- On the next screen, you can change the installation location by choosing a different destination folder if necessary; otherwise, click on Next to continue.
- Review the install options and click on Install to begin the installation. Note that the decision to deploy a new lookup service will depend on the deployment type chosen. The following are the two possible final screens:
If you chose vCenter Single Sign-On for an additional vCenter Server with a new site, the following screen appears:
If you chose vCenter Single Sign-On for an additional vCenter Server in an existing site, the following screen appears:
- Once the installation is complete, click on Finish to exit the installer.
How it works…
During the installation, the options presented will depend on the SSO deployment mode selected. The following flowchart will depict the conditional options presented during the installation:
Once the installation is complete, the SSO instances will synchronize their directory (VMDir) between the partner instances. SSO partners in the same site can be configured for a failover using third-party load balancers. This is, however, not possible with SSO partners at two different sites.