4 Replies Latest reply on Feb 25, 2018 12:56 PM by sarikrizvi

    local OS PSC

    tdubb123 Master

      when i login to each of my vcenter using administrator@vsphere.local

       

      I have 3 PSC/VCs  all in different sites, PA-PSC, SAC-PSC, VA-PSC

       

      under administration configuration, the Local OS PSC is always showing as PA-PSC

       

       

      any idea why it would not be different if I logged into a different PSC? I thought each VC points to its own site PSC

        • 1. Re: local OS PSC
          malleswar77 Enthusiast

          Hi,

          A vSphere Domain Name is defined when you are first configuring a PSC 6.0, or it is retained when you are upgrading your existing SSO 5.5 environment. This is the name in which your vSphere Domain's backing directory service (VMware Directory Service) bases all of its Lightweight Directory Access Protocol (LDAP) internal structuring upon. With vSphere 6.0, you are able to give you vSphere Domain a unique name; however, make sure that you do not name it the same as any of the other Directory Services (OpenLDAP, Microsoft Active Directory) as this will cause conflicts with authentication. If you are upgrading from vSphere 5.5, your vSphere Domain Name will remain the defaultvsphere.local. Changing the name of your vSphere Domain once is has been configured is not supported.

           

          Once you have defined the name of your domain, you are then able to populate it with objects in the form of Machines (PSCs, vCenter Servers, vRealize Automation, etc.), Users (users@vsphere.local) or Groups (groups@vsphere.local). These objects can then be organized into individual logical sites.

          • 2. Re: local OS PSC
            tdubb123 Master

            Itsa new install of 6.0. I kept the vsphere.local domain which is my sso domain.

             

            I am not really doing anything with the sso domain. I did add Active directory as ldap for authenticating my AD domain users.

             

            not sure if I need to create additional users/groups in the sso domain other than just using administrator@vsphere.local for configuration.

            • 3. Re: local OS PSC
              Success3 Novice

              You can create additional local users. For example, the login would be Test.User@vsphere.local. I had to use this method in a previous configuration where we weren't using AD or LDAP authentication. 

              • 4. Re: local OS PSC
                sarikrizvi Enthusiast

                vSphere Domains Name

                 

                1. Each Platform Services Controller is associated with a vCenter Single Sign-On domain

                 

                2. The domain name is used by the VMware Directory Service (vmdir) for all Lightweight Directory Access Protocol (LDAP) internal structuring

                 

                2. Default domain name - vsphere.local for all vSphere versions

                 

                    Condition I -

                               a. Your vSphere domain name is (vsphere.local) till vSphere 5.5 and you don't have option to change it.
                               b. If you are upgrading from vSphere 5.5 to 6.x then your vSphere domain name would remains same (vsphere.local) and you don't have option to change it.

                 

                    Condition II -
                               a. When you install a Platform Services Controller, you are prompted to create a vCenter Single Sign-On domain or join an existing domain

                               b. With vSphere 6.0 and later, you can give your vSphere domain a unique name ( you can change domain name now in fresh/new installation)
                                    6-vCSA-Install-Set-SSO-information.png

                              Note :- To prevent authentication conflicts, use a name that is not used by OpenLDAP, Microsoft Active Directory, and other directory services.

                                           You cannot change the vSphere domain to which a Platform Services Controller or vCenter Server instance already belong
                 

                SSO Sites

                 

                1. You can organize SSO domains into logical sites.
                2. A site in the VMware Directory Service is a logical container for grouping PSC instances within a vCenter Single Sign-On domain.

                3. it’s time to name the site where this SSO server is going to live. This is Site A or you could give name of the city/environment where the server lives ( vSphere 5.5, 6.x)

                                      sitea-sso-site.jpg

                 

                CMDs to get info...

                 

                To find your SSO Domain Name:

                /usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

                 

                To find your SSO Site Name:

                /usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost

                 

                To find you which PSC your vCSA is pointing to:

                /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost

                /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h localhost -u administrator