Today we'll continue to configure our VMware vCenter Server Appliance (VCSA) and cover a topic from Professional vSphere 6.7 Exam 2019 – VCP6.7-DCV Objective 4.7 – Set up identity sources.
It is another objective which is a requirement to pass the latest VMware VCP Datacenter Exam called by VMware officially a “VCP-DCV 2019 certification”.
The VCP-DCV 2019 certification will be based on 2V0-21.19 exam number and it will have 70 questions with a duration of 115 minutes. The passing score is 300.
Recently VMware changed the rules of re-certification. Our Post: VMware Certification Changes in 2019 has the details. No mandatory recertification after 2 years. Older certification (up to VCP5) can pass the new exam without a mandatory course, only recommended courses are listed).
To become VCP-DCV 2019 certified you have 3 different choices of exam:
- Professional vSphere 6.7 Exam 2019 – VCP6.7-DCV Study Guide.
- VMware Certified Professional 6.5 – Data Center Virtualization exam (our VCP6.5-DCV Study Guide)
- VMware Certified Professional 6.5 – Data Center Virtualization Delta exam
You must be VCP5, VCP6, if not you don't have the Delta exam option.
Setup Identity sources
In our case, we'll explore the vCenter and embedded Platform Service Controler (PSC).
After installation of VCSA you connect to the UI as [email protected] and go to Administration,> Single Sign-On > Configuration > Identity Sources > Add Identity Source.
As you can see there are 4 different options:
- Active Directory Windows Integrated Identification
- Active Directory Over LDAP
- Open LDAP
- Local operating system of SSO server
In our example, we use our Microsoft Active Directory (AD) domain for the lab. This is the most common scenario because Microsoft AD is de facto standard when it comes to authentication and user's access to resources.
Whether you installing your PSC as an embedded component together with vCenter server or a separate PSC, you'll have to setup SSO and Identity sources.
When you install a PSC, you are invited to create a vCenter SSO domain or join an existing domain. The vSphere domain name is used by the VMware Directory Service (vmdir) for all Lightweight Directory Access Protocol (LDAP) internal structuring.
With vSphere 6.0 and later, you can give your vSphere domain a unique name. To prevent authentication conflicts use a name that is not used by OpenLDAP, Microsoft Active Directory, and other directory services. You cannot change the domain to which a Platform Services Controller or vCenter Server instance belongs.
If you are upgrading from vSphere 5.5, your vSphere domain name remains the default (vsphere.local). For all versions of vSphere, you cannot change the name of a domain.
After you specify the name of your domain, you can add users and groups. It usually makes more sense to add an Active Directory or LDAP identity source and allow the users and groups in that identity source to authenticate. You can also add vCenter Server or Platform Services Controller instances, or other VMware products, such as vRealize Operations, to the domain.
- Service Principal Name (SPN) – Select this option if you expect to rename the local machine. You must specify an SPN, a user who can authenticate with the identity source, and a password for the user.
- Use Machine account – you'll use this option to use the local machine account (computer acount in AD) as Service principal name (SPN). In this case you'll need to specify only the domain name. (do not select this option if you planning to rename this machine).
However, please note that:
Before you add the AD as an Identity source you'll have to join the VM to Microsoft AD and reboot. You'll do that on the Active Directory Domain TAB.
You can see the screenshot here.
After that, you'll have to configure permissions for AD users, so that users and groups from the joined Active Directory domain can access the vCenter Server components.
Don’t forget to check our VCP6.7-DCV Study Guide Page for all chapters for the exam.
Please note that this guide is no mean to be complete.
More posts from ESX Virtualization:
- How to Patch vCenter Server Appliance (VCSA) – [Guide]
- What is VMware UNMAP? – Dead Space Reclamation
- What is The Difference between VMware vSphere, ESXi and vCenter
- How to Configure VMware High Availability (HA) Cluster
- Upgrading VCSA 6.5 to 6.7
- What is VMware Platform Service Controller (PSC)?
- VMware Certification Changes in 2019