Search the VMware Knowledge Base (KB)
View by Article ID

Installing vCenter Single Sign-On 5.5 on a Microsoft Windows platform (2058239)

  • 66 Ratings

Purpose

This article provides a step-by-step guidance for installing VMware vCenter Single Sign-On (SSO) 5.5 using the Custom Install method.
 
This article assumes that:
  • You have reviewed the vSphere Installation and Setup Guide.
  • You have met all minimum software and hardware requirements for vSphere 5.5. For more information, see the System Requirements section in the vSphere Installation and Setup Guide.
  • You have configured both a forward and reverse lookup zone for this Microsoft Windows Server on your Domain Name System (DNS) Server(s). For more information on configuring reverse lookup zones in a Microsoft Active Directory domain, see the Microsoft TechNet article Adding a Reverse Lookup Zone.
  • When you plan to authenticate against Active Directory, you have joined your Microsoft Windows server to the domain. For more information, see the Microsoft TechNet article How to Join Your Computer to a Domain.

    Note: The preceding links were correct as of April 24, 2014. If you find a link is broken, provide feedback and a VMware employee will update the link.

  • You have decided on not using the Simple Install method and want to install SSO on a separate Microsoft Windows platform. You may want to use this method in these configurations:

    • The dedicated SSO server must be shared between multiple vCenter Servers and Inventory Service instances across a single site.
    • The SSO instance must act as a single node in a highly available (HA) configuration using a third party load balancer.
    • This SSO instance must act as a node in a multisite deployment, allowing for synchronous authentication across multiple geographical sites.

Important: Having the services located on multiple Microsoft Windows servers increases the complexity of maintaining the environment. Additional complexity comes in the form of administration overhead and licensing costs. In addition, this configuration introduces points of failure, such as network connectivity and name resolution related issues which may involve engaging additional vendors during outages and maintenance windows. Please make sure that your infrastructure is configured in a redundant manner and you allocate appropriate resources considering these factors.

Resolution

Installation steps for Single Sign-On 5.5

  1. Mount the vSphere 5.5 installation media. The installation wizard appears.
  2. In the left pane, under Custom Install, click vCenter Single Sign-On and then click Install .

    Note: If any of the prerequisites are not met, they are listed in the right pane under Prerequisites.

  3. In the welcome screen, click Next.
  4. Review the End User License Agreement. If you agree, select the I accept the terms in the license agreement option and click Next.
  5. Review the Prerequisites check screen.
  6. Click Next.
  7. Select a deployment mode and click Next.



    The various deployment mode options include:

    • vCenter Single Sign-On for your first vCenter Server – Select this option to deploy your first SSO server. This server becomes the first SSO server in a new vSphere authentication domain.

      After you select this option:

      1. Provide a password for the SSO administrator user and click Next . For information on password recommendation see  vSphere 5.5 Single Sign-On administrator@vsphere.local password issues (2060637)

        Note: This dialog shows information related to a domain by the name vsphere.local. This is not a domain that is auto-detected within the existing environment, but a net new domain used internally by vSphere. The administrator@vsphere.local account performs the same function as the admin@System-Domain account in previous versions of vSphere.

        For more information about the administrator@vsphere.local account, see the vSphere Software Components section of the vCenter Server and Host Management Guide.

      2. Provide a site name and click Next.

        Note: The site name is used in environments where there are SSO servers in multiple sites. Ensure to select this name carefully because it cannot be changed in the vSphere Web Client after the installation completes.


    • vCenter Single Sign-On for an additional vCenter Server in an existing site – Select this option to add this SSO server to an existing vSphere authentication domain site. This server replicates information from an existing SSO server in the vSphere authentication domain.

      After selecting this option:

      1. Under vCenter Sign-On Information, specify the Partner host name. This is the host name of the alternative SSO instance.
      2. Specify the password for the administrator@vsphere.local user for the alternate instance and click Next.

        Certificate information for the partner service you provided is displayed and you are asked if you trust the certificate. If you trust the certificate, click Continue.

      3. Select the original site name defined during the installation for the primary node name from the dropdown and click Next.

        Note: Both SSO instances share a common site name. Using this deployment mode is only for configuring a highly available (HA) vCenter Single Sign-On implementation using a third party load balancer.

    • vCenter Single Sign-On for an additional vCenter Server with a new site – Select this option to add the SSO server to an existing vSphere authentication domain and create a new site. This server replicates information from an existing SSO server in the vSphere authentication domain.

      After selecting this option:

      1. Under vCenter Sign-On Information, specify the Partner host name. This is the host name of the alternative SSO instance.
      2. Specify the password for the administrator@vsphere.local user and click Next.

        Certificate information for the partner service you provided is displayed and you are asked if you trust the certificate. If you trust the certificate, click Continue.

      3. Enter a name for the new site.

        Note: The site name is used in environments where there are SSO servers in multiple sites. Ensure to choose this name carefully because this name cannot be changed in the vSphere Web Client after the installation completes.

  8. Optionally, provide an alternative TCP port number for the SSO service and click Next.

    Notes:
    • Changing the default ports is recommended only if you have an unchangeable port conflict in the same system.
    • When using the custom installer for vSphere Web Client, Inventory Service, and vCenter Service, you are prompted for the Lookup Service URL. The prompts default to port 7444. If you change the port number now, you must manually update the port number in all future custom installers that would use this instance of SSO.

  9. Optionally, provide an alternative installation location and click Next.

    Notes:
    • The installation requires 2 GB of disk space to be available. For more information, see the Hardware Requirement forvCenter Server, the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On section in the vSphere Installation and Setup Guide.
    • The path must conform to NTFS naming restrictions. For more information, see the Microsoft article Naming Files, Paths, and Namespaces.

      The preceding link was correct as of September 19, 2013. If you find the link is broken, provide feedback and a VMware employee will update the link.

  10. In the confirmation screen, click Install to start the installation process.
  11. Click Finish when the installation completes.

Post installation of SSO 5.5

After installing SSO 5.5:

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 66 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 66 Ratings
Actions
KB: