In this post, we'll have a look at how to join an existing single sign-on (SSO) domain. vCenter SSO allows vSphere components to communicate with each other through a secure token mechanism. vCenter SSO uses:
- Security Token Service (STS)
- SSL for secure traffic
- Authentication of users through Microsoft AD or OpenLDAP
- Authentication of solutions through certificates
The domain name defaults to vsphere.local, but you can change it during the installation.
The domain determines the local authentication space. You can split a domain into multiple sites and assign each Platform Services Controller and vCenter Server instance to a site. Sites are logical constructs, but they usually correspond to a geographic location.
During the deployment of an additional vCenter Server within your organization, you can add it to the existing SSO domain.
SSO Domain Repointing was introduced in vSphere 6.7 to allow the repointing of a vCenter Server from one SSO Domain to another. Let's say you have an environment with a couple of vCenter Servers, each within one site. One day, your boss tells you that your company just bought another company and that you need to manage the new environment.
By repointing the other company’s SSO domain to your company's SSO domain, you'll be able to “join” that other vCenter Server to your organization and manage all the vCenter Servers with Enhanced Linked Mode (ELM).
Screenshot from VMware documentation…
Quote from VMware documentation below on the repointing process:
- Shut down the node (for example, Node C) that is being repointed (moved to a different domain).
- Decommission the vCenter Server node that is being repointed. For example, to decommission Node C, log into Node B (on the original domain) and run the following command:

```
cmsso-util unregister --node-pnid Node_C_FQDN --username [email protected]_domain.com --passwd Node_B_sso_adminuser_password
```

After unregistering Node C, services are restarted. References to Node C are deleted from Node B and any other nodes that were linked with Node C on the original domain.
- Power on Node C to begin the repointing process.
- Run the execute command. In execute mode, the data generated during the pre-check mode is read and imported to the target node. Then, the vCenter Server is repointed to the target domain.
For example, run the execute command with the following:

```
cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn FQDN_of_destination_node --replication-partner-admin destination_node_PSC_Admin_user_name --dest-domain-name destination_PSC_domain
```
We're using the cmsso-util domain-repoint command.
If you want, you can check the detailed how-to article we wrote for vSphere 6.7; the procedure is still valid for vSphere 7.
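The decommission and repoint steps quoted above, wrapped as an added shell example that is not from this post or from VMware: it validates the FQDNs before they reach cmsso-util, refuses unknown modes, always runs the documented pre-check mode before execute, and leaves the SSO admin password off the command line. The helper names and the DRY_RUN variable are ours; that cmsso-util prompts for the password when --passwd is omitted is an assumption.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helpers, not VMware tooling). Builds the cmsso-util
# commands from the post and runs them in the documented order.
set -euo pipefail

# Accept only a plausible FQDN so a typo cannot point the repoint at the wrong node.
validate_fqdn() {
  local re='^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
  [[ $1 =~ $re ]]
}

# Decommission step: unregister the node being repointed from a node on the
# original domain. --passwd is deliberately left out so the secret does not land
# in shell history or the process list (assumption: cmsso-util prompts for it).
build_unregister_cmd() {   # <node_c_fqdn> <sso_admin_upn>
  validate_fqdn "$1" || { echo "bad FQDN: $1" >&2; return 1; }
  printf 'cmsso-util unregister --node-pnid %q --username %q\n' "$1" "$2"
}

# Repoint step: only the two documented modes are accepted.
build_repoint_cmd() {      # <pre-check|execute> <partner_fqdn> <partner_admin> <dest_domain>
  case "$1" in pre-check|execute) ;; *) echo "bad mode: $1" >&2; return 1 ;; esac
  validate_fqdn "$2" || { echo "bad FQDN: $2" >&2; return 1; }
  printf 'cmsso-util domain-repoint -m %s --src-emb-admin Administrator --replication-partner-fqdn %q --replication-partner-admin %q --dest-domain-name %q\n' \
    "$1" "$2" "$3" "$4"
}

# Runs pre-check and stops unless it succeeds, then execute. DRY_RUN=1 prints only.
repoint_node() {           # <partner_fqdn> <partner_admin> <dest_domain>
  local mode cmd
  for mode in pre-check execute; do
    cmd=$(build_repoint_cmd "$mode" "$@") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
      echo "[dry-run] $cmd"
    else
      eval "$cmd" || return 1   # %q quoting above makes eval safe here
    fi
  done
}
```

Run `DRY_RUN=1 ./repoint.sh` style invocations first to confirm the exact arguments that will be passed before letting the script touch the appliance.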
This post is a part of a free Study Guide when preparing to pass the VMware VCP-DCV certification exam. In our free guide, we cover all topics from VCP-DCV 2021 exam that are listed on the original VMware blueprint that has 80 objectives. Check out VCP-DCV 2021 Study Guide Page.