VMware Cloud Community
tdubb123
Expert

local OS PSC

When I log in to each of my vCenters using administrator@vsphere.local

I have 3 PSC/VCs, all in different sites: PA-PSC, SAC-PSC, VA-PSC

Under administration configuration, the Local OS PSC is always showing as PA-PSC

Any idea why it would not be different if I logged into a different PSC? I thought each VC points to its own site PSC

4 Replies
malleswar77
Enthusiast

Hi,

A vSphere Domain Name is defined when you are first configuring a PSC 6.0, or it is retained when you are upgrading your existing SSO 5.5 environment. This is the name upon which your vSphere Domain's backing directory service (VMware Directory Service) bases all of its Lightweight Directory Access Protocol (LDAP) internal structuring. With vSphere 6.0, you are able to give your vSphere Domain a unique name; however, make sure that you do not name it the same as any of the other Directory Services (OpenLDAP, Microsoft Active Directory), as this will cause conflicts with authentication. If you are upgrading from vSphere 5.5, your vSphere Domain Name will remain the default vsphere.local. Changing the name of your vSphere Domain once it has been configured is not supported.

Once you have defined the name of your domain, you are then able to populate it with objects in the form of Machines (PSCs, vCenter Servers, vRealize Automation, etc.), Users (users@vsphere.local) or Groups (groups@vsphere.local). These objects can then be organized into individual logical sites.

0 Kudos
tdubb123
Expert

It's a new install of 6.0. I kept the vsphere.local domain, which is my SSO domain.

I am not really doing anything with the SSO domain. I did add Active Directory as LDAP for authenticating my AD domain users.

Not sure if I need to create additional users/groups in the SSO domain other than just using administrator@vsphere.local for configuration.

0 Kudos
Success3
Enthusiast

You can create additional local users. For example, the login would be Test.User@vsphere.local. I had to use this method in a previous configuration where we weren't using AD or LDAP authentication. 

0 Kudos
sarikrizvi
Enthusiast

vSphere Domain Name

1. Each Platform Services Controller is associated with a vCenter Single Sign-On domain

2. The domain name is used by the VMware Directory Service (vmdir) for all Lightweight Directory Access Protocol (LDAP) internal structuring

3. Default domain name - vsphere.local for all vSphere versions

    Condition I -

               a. Your vSphere domain name is (vsphere.local) till vSphere 5.5 and you don't have the option to change it.
               b. If you are upgrading from vSphere 5.5 to 6.x, then your vSphere domain name would remain the same (vsphere.local) and you don't have the option to change it.

    Condition II -
               a. When you install a Platform Services Controller, you are prompted to create a vCenter Single Sign-On domain or join an existing domain

               b. With vSphere 6.0 and later, you can give your vSphere domain a unique name (you can change the domain name now in a fresh/new installation)

              Note :- To prevent authentication conflicts, use a name that is not used by OpenLDAP, Microsoft Active Directory, and other directory services.

                           You cannot change the vSphere domain to which a Platform Services Controller or vCenter Server instance already belongs.
 

SSO Sites

1. You can organize SSO domains into logical sites.
2. A site in the VMware Directory Service is a logical container for grouping PSC instances within a vCenter Single Sign-On domain.

3. It's time to name the site where this SSO server is going to live. This is Site A, or you could give the name of the city/environment where the server lives (vSphere 5.5, 6.x)

CMDs to get info...

To find your SSO Domain Name:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

To find your SSO Site Name:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost

To find out which PSC your vCSA is pointing to:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h localhost -u administrator

Regards,
SARIK (Infrastructure Architect)
vExpert 2018-2020 | vExpert - Pro | NSX | Security
vCAP-DCD 6.5 | vCP-DCV 5.0 | 5.5 | 6.0 | vCA-DCV 5 | vCA-Cloud 5 | RHCSA & RHCE 6 | A+ (HW & NW)
__________________
Please Mark "Helpful" or "Correct" if It'll help you
_____________________________________
@Follow:
Blog# https://vmwarevtech.com
vExpert# https://vexpert.vmware.com/directory/1997
Badge# https://www.youracclaim.com/users/sarik
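
The get-ls-location check from the post above, turned into a per-site audit. This is an added example, not part of any reply in the thread: it compares the lookup service URL collected from each vCenter against the PSC expected for that site. The vCenter names (PA-VC, SAC-VC, VA-VC), the example.local suffix and the sample URLs are constructed, and the URL shape `https://<psc>/lookupservice/sdk` is an assumption about the command's output.

```shell
#!/bin/sh
# Added example: audit which PSC each vCenter is registered against.
# Input lines on stdin: "<vcenter> <expected-psc> <get-ls-location output>"
# Assumption: get-ls-location prints https://<psc-host>[:port]/lookupservice/sdk

# Extract the lowercase host part from a lookup service URL.
ls_host() {
    printf '%s\n' "$1" \
        | sed -e 's|^[a-zA-Z]*://||' -e 's|[:/].*$||' \
        | tr '[:upper:]' '[:lower:]'
}

# Print one line per vCenter whose lookup service host is not the expected
# same-site PSC. Returns 1 if any mismatch was found, 0 otherwise.
audit_ls_locations() {
    rc=0
    while read -r vc expected url; do
        [ -z "$vc" ] && continue
        actual=$(ls_host "$url")
        want=$(printf '%s' "$expected" | tr '[:upper:]' '[:lower:]')
        # Compare short names so "pa-psc" matches "pa-psc.example.local".
        if [ "${actual%%.*}" != "${want%%.*}" ]; then
            echo "MISMATCH $vc expected=$want actual=$actual"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: output of
#   /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost
# gathered from three hypothetical vCenters, one per site.
SAMPLE='PA-VC PA-PSC https://pa-psc.example.local/lookupservice/sdk
SAC-VC SAC-PSC https://pa-psc.example.local:443/lookupservice/sdk
VA-VC VA-PSC https://VA-PSC.example.local/lookupservice/sdk'

# Prints: MISMATCH SAC-VC expected=sac-psc actual=pa-psc.example.local
printf '%s\n' "$SAMPLE" | audit_ls_locations || true
```

A vCenter flagged here authenticates through another site's PSC, so an outage or compromise of that PSC affects logins for a site that was assumed to be independent of it.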