Wednesday, 10 May 2017

Add vCenter to domain with Single sign on

How to Join AD Domain in vCenter Server Appliance 6.0 (vCSA)

In vSphere 6.0 the vCenter Server Appliance (vCSA) has been changed a lot. Joining an Active Directory Domain is now included in the infrastructure node configuration which is part of the Platform Services Controller. Please note standard AD requirements like time synchronisation and naming. You can't join an AD if you've set an IP address as name during the VCSA guided installer.

  1. Open vSphere Web Client (https://[vcenter]/vsphere-client)
  2. Login as Single Sign-On Administrator (Password set during installation)
  3. Navigate to Administration > Deployment > System Configuration
    vsphere60-web-client-administration vsphere60-web-client-system-configuration
  4. Open Nodes and select the infrastructure node that is associated with Single Sign-On
    vsphere60-web-client-infrastructure-node-config
  5. Navigate to Manage > Advanced > Active Directory
    vsphere60-web-client-infrastructure-node-join-ad
  6. Click Join...
    vsphere60-web-client-infrastructure-node-join-button
  7. Enter AD domain information
    vsphere60-web-client-join-domain
  8. Press OK
  9. Reboot the Appliance
When the appliance comes back up it is now part of the Active Directory Domain. The next step is to configure the AD as identity source to login to the vCenter with AD credentials.

  1. Open vSphere Web Client (https://[vcenter]/vsphere-client)
  2. Login as Single Sign-On Administrator (Password set during installation)
  3. Navigate to Administration > Single Sign-On > Configuration
    vsphere60-web-client-administration vsphere60-web-client-sso-configuration
  4. Open the Identity Sources tab
  5. Click the green + to add an identity source
    vsphere60-web-client-sso-add-identity-source
  6. Select Identity Source Type:
    A) Active Directory (Integrated Windows Authentication)
    This option works with both, Windows-based vCenter Server and vCenter Server Appliance. The underlying system (Windows Server or Infrastructure node of Platform Services Controller) has to be a member of the Active Directory domain.
    vsphere60-web-client-sso-ad-authB) Active Directory as a LDAP Server
    If the underlying system is not part of the Active Directory domain.Fill out the remaining fields as follows:
    Name: Label for identification
    Base DN for users: The Distinguished Name (DN) of the starting point for directory server searches. Example: If your domain name is virten.lab the DN for the entire directory is "DC=virten,DC=lab".
    Domain name: Your domain name. Example: "virten.lab"
    Domain alias: Your netbios name. Example: "virten"
    Base DN for groups: The Distinguished Name (DN) of the starting point for directory server searches.
    Primary server URL: AD Server URL. You can either query the local directory (Port 389), or the global catalog (Port 3268). Example: "ldap://dc01.virten.lab:3268"
    Secondary Server URL
    Username: A user in the AD Domain with at least browse privileges. Example virten\vcenterssovsphere60-web-client-sso-add-ldap-server
    Press Test Connection to verify AD connection
    vsphere60-web-client-sso-ldap-connection-established
  7. Click OK
  8. Back at Identity Sources your AD should appear in the list and from now on you are able to assign vCenter permissions to users and groups from your active directory.
  9. Select you Active Directory and click the world with arrow button to make AD to your default domain.
    vsphere60-web-client-select-default-domain
  10. To login with AD users, you have to set permissions. To add a AD user as global Administrator navigate to Administration > Access Control > Global Permissions
    vsphere60-web-client-global-permissions
  11. Click Add permission
    vsphere60-web-client-add-permission
  12. Click Add...vsphere60-web-client-add-permission-add
  13. Select the Active Directory domain under Domain, choose a user and press Add
    vsphere60-web-client-add-permission-add-aduser
  14. Press OK twice
You can now login to the vSphere 6.0 vCenter with your Active Directory Account.












vsphere60-vcsa-in-ad

2 comments:

  1. The effectiveness of IEEE Project Domains depends very much on the situation in which they are applied. In order to further improve IEEE Final Year Project Domains practices we need to explicitly describe and utilise our knowledge about software domains of software engineering Final Year Project Domains for CSE technologies. This paper suggests a modelling formalism for supporting systematic reuse of software engineering technologies during planning of software projects and improvement programmes in Final Year Projects for CSE.

    Software management seeks for decision support to identify technologies like JavaScript that meet best the goals and characteristics of a software project or improvement programme. JavaScript Training in Chennai Accessible experiences and repositories that effectively guide that technology selection are still lacking.

    Aim of technology domain analysis is to describe the class of context situations (e.g., kinds of JavaScript software projects) in which a software engineering technology JavaScript Training in Chennai can be applied successfully

    ReplyDelete
  2. Wow great post! Thankyou for sharing the information, its very helpful. we provide embedded mini project centers in chennai

    ReplyDelete