Solved

vCenter 5.5 SSO

Posted on 2014-09-21
4
376 Views
Last Modified: 2014-09-22
I want to make sure I am understanding things correctly with SSO in vCenter. The password you give the adminstrator@vsphere.local account can only manage SSO options and nothing within vcenter correct? Does the root account has access into SSO by default?
0
Comment
Question by:compdigit44
4 Comments
 
LVL 10

Expert Comment

by:Ganesh Kumar A
Comment Utility
Administrator access allows a user complete super user privileges on the Single Sign On system, including the ability to create users and groups, assign permissions, add identity sources, and modify policies (lockout and password). Upon installation, only one user (admin@System-Domain) has this role.
0
 
LVL 19

Author Comment

by:compdigit44
Comment Utility
Thanks .. What I am trying to confirm is the SSO admin access is separate from vCEnter admin access.

Also root access on the vCenter appliances differs from SSO admin how?
0
 
LVL 5

Accepted Solution

by:
GG VP earned 250 total points
Comment Utility
Yes, SSO sits between your AD/LDAP and vCenter Server and this takes the credentials and verifies with the source (AD/LDAP) and once successful it provides a security token to the authenticated user.

With this token user can access vSphere products (vCenter, vCloud directory, vCO).

For more detailed explanation, please visit below link,

http://vxpresss.blogspot.com/2013/12/part-2-architecting-vcenter-single-sign.html

YES, the administrator@vsphere.local by default has administrator access on vCenter.

Please refer below VMware documentation for further details,

http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-A2A90265-4A6B-4E23-9681-97B867E55457.html

Hope this helps!

Thank you!
0
 
LVL 117

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 250 total points
Comment Utility
The password you give the adminstrator@vsphere.local account can only manage SSO options and nothing within vcenter correct?

It can manage and access both, (SSO and vCenter Server) it's like THE SUPER USER account, never lose the password, you cannot recover it if you forget it, (well not easily!).

e.g. normally after an installation you would login in as administrator@vsphere.local and then add Administrator access.

also - administrator@vsphere.local is a good account to use for Plugin Access and registration.....because it has overall rights to EVERYTHING! (and is non-AD, does not expire, or get locked!!!!)

Just give it a super secure password e.g. 26 letters, numbers and special chars, and lock in the vault!

root account, is an account specific for local root access to the local server e.g. Linux super user, it cannot access vCenter Server, but can configure the Host Appliance, e.g. change IP Address, look at logs, change scripts and config.

i.e. you may not want your vCenter Administrator, logging in or changing configuration on the Linux server.

root is a standalone user on the Linux appliance!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Suggested Solutions

One of the new features of a version 7.0 or later virtual machine, supported in VMware vSphere 4.1, 5.0 or the VMware vSphere Hypervisor ESXi 4.1, ESXi 5.0 often overlooked by VMware Administrators is the ability to add and connect USB devices conne…
It Is not possible to enable LLDP in vSwitch(at least is not supported by VMware), so in this article we will enable this, and also go trough how to enabled CDP and how to get this information in vSwitches and also in vDS.
Advanced tutorial on how to run the esxtop command to capture a batch file in csv format in order to export the file and use it for performance analysis. He demonstrates how to download the file using a vSphere web client (or vSphere client) and exp…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now