Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

vCenter 5.5 SSO

Posted on 2014-09-21
4
Medium Priority
?
450 Views
Last Modified: 2014-09-22
I want to make sure I am understanding things correctly with SSO in vCenter. The password you give the adminstrator@vsphere.local account can only manage SSO options and nothing within vcenter correct? Does the root account has access into SSO by default?
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 12

Expert Comment

by:Ganesh Kumar A
ID: 40335411
Administrator access allows a user complete super user privileges on the Single Sign On system, including the ability to create users and groups, assign permissions, add identity sources, and modify policies (lockout and password). Upon installation, only one user (admin@System-Domain) has this role.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 40335418
Thanks .. What I am trying to confirm is the SSO admin access is separate from vCEnter admin access.

Also root access on the vCenter appliances differs from SSO admin how?
0
 
LVL 5

Accepted Solution

by:
GG VP earned 1000 total points
ID: 40335436
Yes, SSO sits between your AD/LDAP and vCenter Server and this takes the credentials and verifies with the source (AD/LDAP) and once successful it provides a security token to the authenticated user.

With this token user can access vSphere products (vCenter, vCloud directory, vCO).

For more detailed explanation, please visit below link,

http://vxpresss.blogspot.com/2013/12/part-2-architecting-vcenter-single-sign.html

YES, the administrator@vsphere.local by default has administrator access on vCenter.

Please refer below VMware documentation for further details,

http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-A2A90265-4A6B-4E23-9681-97B867E55457.html

Hope this helps!

Thank you!
0
 
LVL 123

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1000 total points
ID: 40335454
The password you give the adminstrator@vsphere.local account can only manage SSO options and nothing within vcenter correct?

It can manage and access both, (SSO and vCenter Server) it's like THE SUPER USER account, never lose the password, you cannot recover it if you forget it, (well not easily!).

e.g. normally after an installation you would login in as administrator@vsphere.local and then add Administrator access.

also - administrator@vsphere.local is a good account to use for Plugin Access and registration.....because it has overall rights to EVERYTHING! (and is non-AD, does not expire, or get locked!!!!)

Just give it a super secure password e.g. 26 letters, numbers and special chars, and lock in the vault!

root account, is an account specific for local root access to the local server e.g. Linux super user, it cannot access vCenter Server, but can configure the Host Appliance, e.g. change IP Address, look at logs, change scripts and config.

i.e. you may not want your vCenter Administrator, logging in or changing configuration on the Linux server.

root is a standalone user on the Linux appliance!
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If we need to check who deleted a Virtual Machine from our vCenter. Looking this task in logs can be painful and spend lot of time, so the best way to check this is in the vCenter DB. Just connect to vCenter DB(default DB should be VCDB and using…
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Teach the user how to install ESXi 5.5 and configure the management network System Requirements: ESXi Installation:  Management Network Configuration: Management Network Testing:
Teach the user how to rename, unmount, delete and upgrade VMFS datastores. Open vSphere Web Client: Rename VMFS and NFS datastores: Upgrade VMFS-3 volume to VMFS-5: Unmount VMFS datastore: Delete a VMFS datastore:

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question