VMware Cloud Community
vipclubber
Enthusiast

Deploy vCenter Server Appliance questions

While deploying vCenter Server Appliance 6.0+ I have the following questions:

1. The host name must be resolvable, which means a DNS record must be entered as part of Active Directory?

2. However, the SSO domain cannot be the same as Active Directory? Did I get this right?

3. What is the SSO domain used for? Just for logging in to Single Sign-On, such as administrator@vsphere.local?

Please use the example below and provide any other suggestions to help with a successful install.

pastedImage_0.png

0 Kudos
8 Replies
jhague
VMware Employee

Hi - DNS and NTP (or time synchronisation) are 2 key ones - vCenter and ESXi hosts should be able to perform both forward and reverse lookup. The SSO domain is the default local domain for authentication, so you'll get a default user administrator@vsphere.local to be able to configure your environment. What you would usually do is connect SSO to another authentication source such as your AD so you can configure your own groups to authenticate against vCenter, and vsphere.local will be your fallback.

Link to VCSA requirements - vSphere 6.0 Documentation Center

John Hague http://linkedin.com/in/john-hague | twitter @jhague10 VCIX-DCV | VCP-DCV 3/4/5/6 | VCP6-NV | VCP7-CMA | VCAP7-CMA Design
0 Kudos
RajeevVCP4
Expert

Yes, this is the right configuration according to the screenshot.

I would suggest manually adding the VCSA FQDN in AD DNS and restarting the DNS service. Then install.

Administrator@vsphere.local would be used to configure the identity resource, join this VCSA to the domain, configure roles, etc.

After installing, if you need any help configuring it, let me know.

Rajeev Chauhan
VCIX-DCV6.5/VSAN/VXRAIL
Please mark helpful or correct if my answer is useful for you
0 Kudos
vipclubber
Enthusiast

My confusion comes from the SSO domain. During installation a warning message appears telling you to make sure NOT to use an SSO domain that matches any of your Active Directory domains. Now I hear that the SSO domain can be connected to AD? Please clarify in simple terms.

Should I actually use the default SSO domain, i.e. vsphere.local? Since I would have to type it every time I need to log in to SSO, why not make it abc.com and keep it as short as possible? Does it have to stay default?

0 Kudos
vipclubber
Enthusiast

Thank you Rajeev,

How can I contact you?

0 Kudos
jhague
VMware Employee

So that relates to a conflict between your AD namespace and the internal SSO namespace, i.e. don't use vsphere.local as your AD name. Once installed you can point at your AD for authentication, which from a security and traceability perspective is better than using the generic admin account.

You can change the default vsphere.local during install but not afterwards, though I wouldn't recommend it if you can avoid it.

FAQ: VMware Platform Services Controller in vSphere 6.0 (2113115) | VMware KB

John Hague http://linkedin.com/in/john-hague | twitter @jhague10 VCIX-DCV | VCP-DCV 3/4/5/6 | VCP6-NV | VCP7-CMA | VCAP7-CMA Design
0 Kudos
RajeevVCP4
Expert

rajeev.chuahan1978@gmail.com

The SSO domain is not related to your AD domain; it is local, for SSO authentication.

Rajeev Chauhan
VCIX-DCV6.5/VSAN/VXRAIL
Please mark helpful or correct if my answer is useful for you
0 Kudos
vipclubber
Enthusiast

Can I use anything I want for the SSO domain instead of vsphere.local?

For example, I want to use BLABLA.INFO. Can I? Does it have to be the default vsphere.local? Or does it have to end with .local?

Next, under the "Choose a Network" pull-down menu below, what am I looking for?

Do I have to configure anything for the network to make it show up under the Network pull-down?

Thanks in advance and please advise...

pastedImage_0.png

0 Kudos
jhague
VMware Employee

SSO domain name can be anything, it doesn't have to be vsphere.local but note that it can't be changed later. My advice would be to stick with vsphere.local unless you have good reason not to.

For the network you just need to select whatever network you want your management VMs to sit on from your available VM port groups. The list is just a list of VM portgroups. You don't have to do anything special - you just need to have connectivity between your VM network and your hosts.

John Hague http://linkedin.com/in/john-hague | twitter @jhague10 VCIX-DCV | VCP-DCV 3/4/5/6 | VCP6-NV | VCP7-CMA | VCAP7-CMA Design
0 Kudos
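
The two checks discussed in the replies above (forward and reverse lookup for the appliance FQDN, and an SSO domain that does not match any AD domain), written as a pre-deployment check. This is an added example, not part of the original thread or of VMware's tooling; the host name, IP address and domain names in it are constructed.

```python
import socket

def forward_lookup(fqdn):
    """A-record lookup via the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(fqdn)[2])
    except OSError:
        return set()

def reverse_lookup(ip):
    """PTR lookup via the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def preflight(fqdn, sso_domain, ad_domains, fwd=forward_lookup, rev=reverse_lookup):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    ips = fwd(fqdn)
    if not ips:
        problems.append(f"forward lookup failed for {fqdn}")
    for ip in sorted(ips):
        ptr = rev(ip)
        if ptr is None:
            problems.append(f"no reverse (PTR) record for {ip}")
        elif norm(ptr) != norm(fqdn):
            problems.append(f"reverse lookup of {ip} gives {ptr}, not {fqdn}")
    if norm(sso_domain) in {norm(d) for d in ad_domains}:
        problems.append(f"SSO domain {sso_domain} matches an AD domain")
    return problems

# Constructed records standing in for a DNS server so the demo runs offline.
SAMPLE_A = {"vcsa01.corp.example": {"192.0.2.10"}}
SAMPLE_PTR = {"192.0.2.10": "VCSA01.corp.example."}

def sample_fwd(fqdn):
    return SAMPLE_A.get(norm(fqdn), set())

def sample_rev(ip):
    return SAMPLE_PTR.get(ip)

if __name__ == "__main__":
    for sso in ("vsphere.local", "corp.example"):
        print(sso, preflight("vcsa01.corp.example", sso, ["corp.example"],
                             fwd=sample_fwd, rev=sample_rev))
```

Calling `preflight` without the `fwd` and `rev` arguments uses the system resolver, so it should be run from a machine that uses the same DNS servers the appliance will use.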