VMware Cloud Community
ferdis
Hot Shot
Hot Shot
‎02-20-2013 01:07 AM

vCenter and Active Directory membership requirement

Hi,

is it requirement to have your vCenter in AD domain?

In vsphere-esxi-vcenter-server-51-installation-setup-guide.pdf there is information on page 222:

"If the system that you use for your vCenter Server installation belongs to a workgroup rather than a
domain, not all functionality is available to vCenter Server. If assigned to a workgroup, the vCenter Server
system is not able to discover all domains and systems available on the network when using some features."

Please can someone describe this more?

0 Kudos
2 Replies
a_nut_in
Expert
Expert
‎02-20-2013 03:54 AM

Hi Ferdis,

vSphere 5.1 has an implimentation of a concept of "single sign on" or SSO. It's supposed to be an interface that allows domain users to authenticate and supports LDAP, AD and bunch of other authentication methods.

As such, installing in a workgroup essentially does not allow for "auto discovery" of domain users etc and as such, only authentication available would be local authentication.

Setting up additional "identity sources" etc later can be done, but can raise other issues.

Another thing to keep in mind is if the VC is not connected to a domain, and after installation, if you want to add the VC to a domain, the most obvious thing that's going to happen is that the FQDN of the VC will/might change. This would cause a bunch of services that depend on name resolution to stop working, especially SSO, Inventory Services, Hardware Status and other plugins etc.

So the answer is, you CAN set up VC in a workgroup, and it WOULD work, just later if you want to move it to a domain or configure AD accounts etc, that might cause multiple components to break

Hope that helps

Regards

a

Do remember to mark my post as "helpful" or "correct" if I've helped resolve or answer your query!
ferdis
Hot Shot
Hot Shot
‎02-20-2013 03:55 AM

Hi,

thank you very much!

0 Kudos