This week I’ve been spending time restructuring my lab environment to be ready to prepare for the VCP-Cloud, which tests people’s abilities on vCloud Director and associated technologies in the vCloud Suite. It’s been a pretty major undertaking because I wanted to change the way I manage vCenter (from multi-vCenter to single vCenter), organize my hosts and clusters, storage and networking too! I’m fortunate because my personal lab environment is a relatively modest affair compared to large environments – but it’s sizable on the “home lab” front, so much so it isn’t at home but at a colocation facility not far from where I live.
I decided the time was ripe to move over to using the vCenter Server Appliance, especially as it has feature parity with the “installable” Windows edition (albeit there is no “linked mode” vCenter Server Appliance). I wanted to set up the appliance to support Active Directory with the new Single Sign On feature. When you first set up the appliance the only logon to it is “root” with the password of “vmware”. From there you can use the new “Web Client” to manage how the appliance speaks to AD.
1. Log in to the appliance (in my case https://vcnyc.corp.com:9443)
2. Navigate to > Administration > Single Sign On and Configuration
3. Click the + symbol to add in “Identity Sources”
4. In the dialog box enable the radio button for “Active Directory” and then fill in the fields relevant to your domain
5. Once the domain is in the “identity sources” list, it can be added to the “Default Domains” list below
Note: The “LDAP” field can use the format ldap://dc01nyc.corp.com:portnumber, which lets you express whether you want a non-secure or secure connection to Active Directory.
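A pre-flight check for the value typed into the “LDAP” field, as an added example that is not from the original post: it classifies an identity-source URL by scheme and port so a cleartext or mismatched entry is caught before it is saved. The function name, the verdict labels and the port table (389/3268 cleartext, 636/3269 TLS, the usual Active Directory ports) are assumptions of this example.

```python
from urllib.parse import urlsplit

# Usual Active Directory ports (assumption of this example, not from the post).
CLEARTEXT_PORTS = {389, 3268}   # LDAP, global catalog
TLS_PORTS = {636, 3269}         # LDAPS, global catalog over TLS
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def audit_identity_source(url):
    """Classify an identity-source URL; returns (verdict, reason)."""
    try:
        parts = urlsplit(url.strip())
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORT or not parts.hostname:
            return "invalid", "expected ldap://host[:port] or ldaps://host[:port]"
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        return "invalid", str(exc)
    if port is None:
        port = DEFAULT_PORT[scheme]

    # Scheme and port must agree, otherwise the connection will not be what you expect.
    if scheme == "ldaps" and port in CLEARTEXT_PORTS:
        return "mismatch", f"ldaps:// points at cleartext port {port}"
    if scheme == "ldap" and port in TLS_PORTS:
        return "mismatch", f"ldap:// points at TLS port {port}"
    if scheme == "ldap":
        return "cleartext", f"directory traffic to port {port} is not protected by TLS"
    return "secure", f"LDAP over TLS to port {port}"


if __name__ == "__main__":
    # Constructed sample entries; the host name is the one used in the post.
    samples = [
        "ldap://dc01nyc.corp.com:389",
        "ldaps://dc01nyc.corp.com:636",
        "ldap://dc01nyc.corp.com:636",
        "ldap://dc01nyc.corp.com:portnumber",
    ]
    for sample in samples:
        verdict, reason = audit_identity_source(sample)
        print(f"{verdict:9} {sample}  ({reason})")
```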
Once the identity source is enabled, you’re ready to add in groups or users to allow user accounts in Active Directory to have access
1. Click the Home button or Home Navigator
2. Select > vCenter > vCenter Servers
3. Select your vCenter in the Inventory
4. Select the Permissions tab
5. The + button can be used to browse for the domain, add a group and assign a role