You may have recently heard about the new vCenter SSO (Single Sign-On) feature that is now part of the latest release of vSphere 5.1, which provides centralized authentication and directory services (supports multiple identity sources) across your vCenter Servers. vCenter SSO also provides a true single pane of glass for managing and viewing all your vSphere infrastructure and solutions, unlike its predecessor, the Linked Mode feature, which many used to get a centralized view of all their vCenter Servers but without true single sign-on capabilities.
Note: If you would like to learn more about the new vCenter SSO, I would recommend you take a look at the What's New vCenter Server 5.1 whitepaper by Justin King.
I really love the new vCenter SSO feature, especially in my home lab where I have several vCenter Server 5.0 and 5.1 hosts running and I can view all of them in a single interface! One thing I tend to do a lot in my lab is automated deployments (you probably might have already guessed) and though the configuration web interface for vCenter Server is pretty easy to use, there is still a lot of clicking involved (as you know, I hate clicking a lot).
Just like with automating VCSA 5.1 deployments, I also looked into automating the joining of a VCSA to an existing vCenter SSO server. The example below will outline configuring a single VCSA to act as the primary vCenter SSO server and then configuring two additional VCSA which will then connect to this primary vCenter Server, providing them SSO capabilities. You can also run through this manually through the configuration web interface for each VCSA, but as mentioned earlier, it is manual and did I forget to mention … tedious!
Disclaimer: This is for educational purposes only; it is not officially supported by VMware. Please test this in a development environment before using it on actual systems.
Step 1 – Configure your primary VCSA which will be the main SSO server. You will be leveraging the same script as shown in this article.
Step 2 – Next, you will need to configure your secondary and tertiary (or n-others) VCSA using a similar script as in Step 1, but instead of configuring for an embedded SSO server, it will connect to the external SSO server which is specified by the IP Address or hostname of your primary VCSA.
Here is a script with the minimal commands needed for configuring your additional VCSA:
Note: Make sure you update the PRIMARY_VC variable to reflect the IP Address or hostname of your primary VCSA that was configured in Step 1
You will notice the output to be very similar, but it actually queries for the primary VCSA's lookupservice SSL thumbprint to configure the VCSA to use an external SSO server.
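Because the thumbprint is queried from the primary VCSA over the network, the join trusts whichever host answers at PRIMARY_VC. The following added example (not part of the original post or its script) compares the certificate thumbprint a host serves against one recorded out of band, for instance from the primary VCSA's console, before any additional VCSA is pointed at it. The port 7444, the SHA-1 thumbprint format, the self-signed appliance certificate and the script name `check_pin.py` are assumptions, and the sample bytes are constructed.

```python
import hashlib
import hmac
import ssl
import sys

LOOKUP_PORT = 7444  # assumption: SSO Lookup Service port on a 5.1 VCSA

# Constructed stand-in bytes, not a real certificate: the thumbprint is a
# hash over the DER encoding, so any byte string exercises the same path.
SAMPLE_DER = b"constructed-sample-der-bytes-for-thumbprint-demo"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def normalize(thumbprint):
    """Reduce 'AA:BB:..', 'aa bb ..' or 'aabb..' to 40 lowercase hex chars."""
    hexdigits = "".join(c for c in thumbprint if c not in ": -\t\r\n").lower()
    if len(hexdigits) != 40 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError("not a SHA-1 thumbprint: %r" % (thumbprint,))
    return hexdigits


def thumbprint_from_pem(pem):
    """SHA-1 of the certificate's DER bytes, as colon-separated upper-case hex."""
    digest = hashlib.sha1(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_thumbprint(host, port=LOOKUP_PORT):
    """Fetch the served certificate without chain validation; the appliance
    certificate is assumed to be self-signed, so the pin is the trust check."""
    return thumbprint_from_pem(ssl.get_server_certificate((host, port)))


def matches_pin(observed, pinned):
    """Constant-time comparison of two thumbprints in any common notation."""
    return hmac.compare_digest(normalize(observed), normalize(pinned))


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_pin.py PRIMARY_VC PINNED_THUMBPRINT")
    seen = fetch_thumbprint(sys.argv[1])
    if not matches_pin(seen, sys.argv[2]):
        sys.exit("MISMATCH: %s serves %s; do not join" % (sys.argv[1], seen))
    print("OK: %s serves the pinned certificate %s" % (sys.argv[1], seen))
```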
Once you have successfully deployed and configured your additional VCSA servers, you should now be able to log in to your primary VCSA and view all your vCenter Servers in the inventory.
Is this not a cool feature!? You no longer have to manage dozens of vSphere C# Clients to get a view of your vSphere infrastructure!