VMware Cloud Community
alankoh
Enthusiast

Understanding vSphere SSO domain

Hi all

I am trying to make sense of the vSphere SSO domain. When setting up vCenter, it prompted us to define an SSO domain, which defaults to vsphere.local.

 

1) So how does this domain work? I don't see anywhere I can log in with this vsphere.local domain other than vCenter. How is it SSO?

 

2) If my ESXi host's hostname is using another domain name (not vsphere.local), e.g. esxi01.domain.local, does it have any relationship with this SSO domain? Can I use another domain name for my ESXi host?

 

3) If I use the same domain for my ESXi host, e.g. esxi01.vsphere.local, does that mean I can log in to my ESXi host directly after logging in to vCenter?

 

Sorry if I am not making sense

Thank you

0 Kudos
2 Replies
IRIX201110141
Champion

vSphere vCenter comes with its own directory service... that's it. Nothing more, nothing less. The FQDNs of the VCSA or the ESXi hosts have nothing to do with the vsphere.local domain. This would be the same as in the Windows Active Directory world, which means we have Windows servers which are named company.foo where AD is named company.local and most of the servers.

So your VCSA can be named:
vcsa.company.local
and your hosts can be named:
esxi01.company.local
esxi02.company.local
esxi03.company.local

And you would be a smart guy if you name the vCenter SSO as the suggested default name "vsphere.local". Because it's a directory service, you can create users within it and use the service as an identity source, because not everyone has a Windows AD or would like to use it.
Yes, the ESXi hosts can be joined to your existing Windows AD, and the default group is named "ESX Admins". Then you can log in to the DCUI, SSH or Host Client with your AD credentials.

Regards
Joerg

 

 

alankoh
Enthusiast

Hi Joerg

Thanks for the reply

Does that mean

1) vsphere.local SSO domain has no relation with ESXi host FQDN

2) If vCenter has its own directory service and vsphere.local is the SSO domain, can I join ESXi hosts to this directory service / domain instead?

How is vsphere.local single sign-on? Where else can I sign on to?

0 Kudos