violation of security best practices; not having the domain group Administrators in SSO Server
is, therefore, a good idea.
Perform the following steps to add Active Directory to be used as a source for vCenter Server
users:
1. Log on to the vCenter Web Client as the SSO administrator. Unless you have created
another account, the username is administrator@vsphere.local.
2. Click Administration in the Navigator pane.
3. Under the Single Sign-On section, click Configuration.
4. Select the middle tab, labeled Identity Sources.
5. Click the green plus icon to add a new identity source.
6. In the Add Identity Source dialog box, you have four options:
Active Directory (Integrated Windows Authentication)
Active Directory As A LDAP Server
Open LDAP
Local OS
The first two options relate to Active Directory, but their connection method is slightly
different. Using Windows authentication requires a user or computer account with the
relevant rights to traverse the entire directory and Kerberos is used to authenticate.
The second Active Directory option uses LDAP to connect instead of Kerberos.
The third option, Open LDAP, is quite simply a way to integrate with OpenLDAP. This
could be a connection to a Windows- or Linux-based OpenLDAP system.
The final option is Local OS. This relates to the operating system on which SSO is
installed, in our case a Windows Server 2008 R2 system. This integrates SSO with the
local users that are configured within the operating system itself.
In this example, we'll connect to Active Directory using Windows authentication and a
machine account. This is the simplest way to get SSO to integrate with Active Directory
as it prepopulates the Active Directory domain name that the SSO server belongs to and
can therefore use the machine account for authentication.
With these options selected, click OK to close the dialog box.
vCenter Server, more specifically Single Sign-On, is now linked with Active Directory. You
now have the capability to add users and groups from your domain to specific roles within your
vSphere environment. We will explain this in detail later in the chapter.
Configuring SSO on Windows Server for Local Accounts
In the previous sections we configured SSO to use Active Directory as a source for users and
groups. Similarly, we can also configure SSO to use the local machine's users and groups as an
identity source. One of the great things about SSO is that you can have multiple identity sources