WilliamLam.com


Automatically Join Multiple VCSA 5.1 using New vCenter SSO (Single Sign-On)

09.06.2012 by William Lam // 11 Comments

You may have recently heard about the new vCenter SSO (Single Sign-On) feature that is now part of the latest release of vSphere 5.1, which provides centralized authentication and directory services (supports multiple identity sources) across your vCenter Servers. vCenter SSO also provides a true single pane of glass for managing and viewing all your vSphere infrastructure and solutions, unlike its predecessor, the Linked Mode feature, which many used to get a centralized view of all their vCenter Servers but without true single sign-on capabilities.

Note: If you would like to learn more about the new vCenter SSO, I would recommend you take a look at the What's New vCenter Server 5.1 whitepaper by Justin King. 

I really love the new vCenter SSO feature, especially in my home lab where I have several vCenter Server 5.0 and 5.1 hosts running and I can view all of them in a single interface! One thing I tend to do a lot in my lab is automated deployments (you probably might have already guessed) and though the configuration web interface for vCenter Server is pretty easy to use, there is still a lot of clicking involved (as you know, I hate clicking a lot).

Just like with automating VCSA 5.1 deployments, I also looked into automating the joining of a VCSA to an existing vCenter SSO server. The example below will outline configuring a single VCSA to act as the primary vCenter SSO server and then configuring two additional VCSAs which will then connect to this primary vCenter Server, providing them SSO capabilities. You can also run through this manually through the configuration web interface for each VCSA, but as mentioned earlier, it is manual and did I forget to mention ... tedious!

Disclaimer: This is for educational purposes only, this is not officially supported by VMware. Please test this in a development environment before using it on actual systems.

Step 1 - Configure your primary VCSA which will be the main SSO server. You will be leveraging the same script as shown in this article. 

Step 2 - Next, you will need to configure your secondary and tertiary (or n-others) VCSA using a similar script as in Step 1, but instead of configuring for an embedded SSO server, it will connect to the external SSO server which is specified by the IP Address or hostname of your primary VCSA.

Here is a script with the minimal commands needed for configuring your additional VCSA:
Note: Make sure you update the PRIMARY_VC variable to reflect the IP Address or hostname of your primary VCSA that was configured in Step 1

You will notice the output to be very similar, but it actually queries for the primary VCSA's lookupservice SSL thumbprint to configure the VCSA to use an external SSO server.
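A thumbprint fetched over the network at join time is only as trustworthy as that one connection, so it is worth comparing it with a value recorded separately before joining. The following is an added example, not the script from the original article: it assumes the thumbprint is the certificate's SHA-1 fingerprint, uses port 7444 from the lookupservice URL quoted in the comments on this page, and `EXPECTED` is a hypothetical variable holding the value you recorded out-of-band.

```shell
#!/bin/bash
# Added example (not the article's script): pin the primary VCSA's
# lookupservice certificate before pointing another VCSA at it.
# EXPECTED is a hypothetical variable holding a thumbprint recorded
# out-of-band, e.g. read from the primary's own console.

# Reduce "SHA1 Fingerprint=AA:BB:.." or "aa:bb:.." to bare uppercase hex.
normalize_thumbprint() {
    printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \r\n' | tr 'a-f' 'A-F'
}

# Return 0 on match, 1 on mismatch, 2 if the pinned value is not a
# well-formed SHA-1 thumbprint (40 hex digits).
thumbprints_match() {
    tp_want=$(normalize_thumbprint "$1")
    tp_seen=$(normalize_thumbprint "$2")
    case "$tp_want" in
        ""|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#tp_want}" -eq 40 ] || return 2
    [ "$tp_want" = "$tp_seen" ]
}

# Print the SHA-1 fingerprint of the certificate served on port 7444.
fetch_thumbprint() {
    openssl s_client -connect "$1:7444" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha1
}

# Runs only when both variables are set, e.g.
#   PRIMARY_VC=vcsa01.example.test EXPECTED='AA:BB:...' bash check.sh
if [ -n "${PRIMARY_VC:-}" ] && [ -n "${EXPECTED:-}" ]; then
    seen=$(fetch_thumbprint "$PRIMARY_VC") || {
        echo "could not read a certificate from $PRIMARY_VC:7444" >&2
        exit 1
    }
    if thumbprints_match "$EXPECTED" "$seen"; then
        echo "thumbprint matches the pinned value; proceed with the join"
    else
        echo "thumbprint mismatch or malformed pin; do not join" >&2
        exit 1
    fi
fi
```
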

Once you have successfully deployed and configured your additional VCSA servers, you should now be able to log in to your primary VCSA and view all your vCenter Servers in the inventory.

Is this not a cool feature!? You no longer have to manage dozens of vSphere C# Clients to get a view of your vSphere infrastructure!


Comments

  1. surya says

    09/16/2012 at 11:44 am

    Hi William,

    How to configure VCSA 5.1 as webclient server and how to enable only webclient in VCSA. When I tried to start the webclient in command line it's not starting. I am getting below error.
    /etc/init.d/vsphere-client start
    File /etc/vmware/ls_url.txt is missing.

    regards
    Surya

    • William says

      09/17/2012 at 8:37 pm

      @surya,

      This is definitely possible, in 5.1 the process is a little bit different. I'm working on this and will share once I have more details.

    • mynamemet says

      02/20/2013 at 9:36 pm

      We got a similar error on customer's machine and all I did was to get the content of that file from a test vCenter appliance and it has only one entry in that text file.

      https://x.x.x.x:7444/lookupservice/sdk

      Used the touch command to create a new txt file with same name and I was able to start the webclient service on the machine.

  2. Loren says

    09/23/2012 at 12:50 pm

    Hello, do you know if it's possible to set up the VCSA SSO instance in a multi-site or HA configuration? I read through all the documentation I could find on these configurations, but it only seems to apply to the Windows version of SSO.

    Thanks,
    -Loren

    • Justin King says

      09/24/2012 at 9:21 pm

      VCSA can only run as a standalone SSO server or be a slave in HA or multisite configurations

      Justin

    • Loren says

      09/25/2012 at 1:12 am

      Thanks Justin. That's too bad. Was hoping for full equivalence in VCSA 5.1. It is so much easier to set up compared to the Windows version.

      I'm guessing that's the 'external' option in the VCSA config? I think I saw that only supports Oracle, though. We're mostly a SQL shop. Oh well.

      Maybe I can still use the VCSA for only the web client...

  3. Lycan says

    08/09/2013 at 3:24 pm

    Hello William,

    I have three vCenter appliances, where I am using the SSO of the first vCVA and pointing the other two vCVA to the first vCVA's SSO.

    All the vCVAs show up when I log in to any web client.

    But, I get a warning message which says failed to verify the SSL certificate of one or more vCenter server. http://IP_Address:443/sdk.

    I tried deleting the solution users and re-registering the one vCenter back to SSO and regenerated the certs using FQDN but I still see the same warning message on the web client.

    • William Lam says

      08/09/2013 at 4:52 pm

      Have you tried to regenerate the SSL certificates? Perhaps you might have changed the IP Address or hostname after its initial deployment which might explain why you're seeing that?

    • Wolverine_logan says

      08/09/2013 at 8:05 pm

      Hi William,

      I also work for VMware tech Support and I am a huge fan of your work.

      The issue in this case was that there were solution users with stale entries but I did not remove them from the command line; removing the stale entries for the other vCenter fixed the issue.

      I also happened to find the clear command only at your other article for removing solution users from your article 😀

      Thanks a ton Sir!

  4. William Lam says

    08/09/2013 at 8:29 pm

    Glad to hear you got the issue resolved and thanks for sharing!

