:smileyinfo: vSphere Domains Name

Matrix__1970 · ‎11-17-2016

Hi All,

I must upgrade my farm vSphere 5.5 to 6.0. I have some doubts about my current topology and the steps for the upgrade. My first question is this: which are the difference about SSO Domain name and SSO Site? I have different vCenters with different configurations (site name and SSO Domain sites different) and I would like to clarify the importance of these settings before upgrade/migrate.

Please: can anyone explains me? Thank you

Matrix

Mattallford · ‎11-17-2016

‌Hi there,

If you are familiar with Microsoft Active Directory, a vsphere SSO Domain is similar to an Active Directory domain, and a SSO site is similar to a site within Active Directory.

In short, the main use case for having different SSO sites would be if you had the nodes in different physical locations. SSO sites to date are not really used that much, but from what I've heard the site topology could become more important down the track.

SSO domains are a boundry of where Vc/PSC nodes are replicating between each other. If you have an external deployment of nodes within the same SSO domain, enhanced linked mode is enabled by default which means you can log into any one of the VC servers and manage the other Vc servers in the same SSO domain (provided you have privileges to).

If you currently have vCenter servers in different SSO domains in 5.5, and post upgrade you would like these to be in the same SSO domain, you need to collapse these into the same SSO domain PRIOR to the upgrade while you are still running 5.5. You can't move vCenter servers between SSO domains in 6/6.5.

Cheers, Matt.

VCP6-DCV | VCAP6-DCV Deploy @mattallford If you found my answers useful, please help me by marking them as Helpful or Correct!

sarikrizvi · ‎02-25-2018

:smileyinfo: vSphere Domains Name

1. Each Platform Services Controller is associated with a vCenter Single Sign-On domain

2. The domain name is used by the VMware Directory Service (vmdir) for all Lightweight Directory Access Protocol (LDAP) internal structuring

2. Default domain name - vsphere.local for all vSphere versions

Condition I -

a. Your vSphere domain name is (vsphere.local) till vSphere 5.5 and you don't have option to change it.
b. If you are upgrading from vSphere 5.5 to 6.x then your vSphere domain name would remains same (vsphere.local) and you don't have option to change it.

Condition II -
a. When you install a Platform Services Controller, you are prompted to create a vCenter Single Sign-On domain or join an existing domain

b. With vSphere 6.0 and later, you can give your vSphere domain a unique name ( you can change domain name now in fresh/new installation)

Note :- To prevent authentication conflicts, use a name that is not used by OpenLDAP, Microsoft Active Directory, and other directory services.

You cannot change the vSphere domain to which a Platform Services Controller or vCenter Server instance already belong

:smileyinfo: SSO Sites

1. You can organize SSO domains into logical sites.
2. A site in the VMware Directory Service is a logical container for grouping PSC instances within a vCenter Single Sign-On domain.

3. it’s time to name the site where this SSO server is going to live. This is Site A or you could give name of the city/environment where the server lives ( vSphere 5.5, 6.x)

:smileyinfo: CMDs to get info...

To find your SSO Domain Name:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

To find your SSO Site Name:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost

To find you which PSC your vCSA is pointing to:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h localhost -u administrator

All

SSO Domain vs SSO Site

:smileyinfo: vSphere Domains Name

:smileyinfo: SSO Sites

:smileyinfo: CMDs to get info...