In the first part of the article we simply deployed the vCenter 5.5 VM from the OVF file – vCenter Server 5.5 Linux Appliance – Install/config. Fast and efficient. While we successfully joined the VCSA to the Windows domain and could see the computer account in AD, we still had to log in to the VCSA with the default VMware credentials (root/vmware). Now it's time to finish the configuration and make it possible to use Single Sign-On and centralized logins by leveraging Windows AD. That's what this article, VCSA 5.5 Installation and configuration – part 2, is about.
VCSA 5.5 Installation and configuration – The configuration steps:
01. Log in to the VCSA appliance with login: [email protected] pass: vmware (this is the domain that is created by default – it's built into the VCSA 5.5)
Go to Administration > Single Sign-On > Configuration
By default you see the vSphere.local domain and localOS authentication, which are the built-in identity sources.
02. Click the Plus sign > Select Active Directory (Integrated Windows Authentication)
You'll see a screen like the one below. When I selected the radio button for AD authentication (first option), my lab domain was pre-populated there.
When this is done, you should end up with a screen like the one below. An additional identity source has been added – our lab.local domain. Good, but that's not finished. It still requires one more step.
03. Click the Groups tab, then select the Administrators group. Then see the image for additional steps. I'm using my own AD account called Vladan, which is a member of the Domain Administrators group in my Windows domain.
04. Next you have to give that user permission to administer the top-level objects in vCenter. You'll have to:
click vCenter > Select vCenter server > click again on the name of your vCenter server (see screenshot)
Next you'll see a view like this. Click the Manage tab > Permissions > click the green Plus button and click the Add button.
You can then select your domain from the drop-down list and choose the user you want to give the permission to. After validation, the user appears like this:
Once done, you can log out, and log back in with [email protected] as an account… -:)
Now what if you want to give fewer privileges to a user or a group of users?
You can of course add not only users, but also groups from AD. And you can add users/groups with fewer privileges if you want them just to manage some VMs. For example, I've created (in my AD) a group called Students and put an AD account called student in it. I want this user only to use a VM, but nothing else.
Now I can easily attach this group to an existing template (virtual machine user). Just click the high-resolution graphic to see the details. I think you get the point…
And we can verify that the user cannot delete our VM….
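The same least-privilege assignment can be scripted and checked with PowerCLI. This is an added example, not part of the original post: the vCenter address, the VM name, the NetBIOS domain name LAB and the role's API name VirtualMachineUser are assumptions to adjust for your environment (list the real role names with Get-VIRole).

```powershell
# Added example: assign the Students AD group a VM-user role on ONE VM,
# after confirming the role does not carry the "delete VM" privilege.
# All values below are placeholders/assumptions, not taken from the article.
$vcServer  = 'vcsa.lab.local'       # placeholder vCenter address
$vmName    = 'StudentVM01'          # placeholder VM name
$principal = 'LAB\Students'         # group from the article; NetBIOS name assumed
$roleName  = 'VirtualMachineUser'   # assumed API name of the sample VM user role

Connect-VIServer -Server $vcServer -Credential (Get-Credential) | Out-Null

try {
    $role = Get-VIRole -Name $roleName -ErrorAction Stop
    $vm   = Get-VM     -Name $vmName   -ErrorAction Stop

    # Stop if the role would let its holders delete the VM from disk.
    $forbidden = @('VirtualMachine.Inventory.Delete')
    $found = Get-VIPrivilege -Role $role | Where-Object { $forbidden -contains $_.Id }
    if ($found) {
        throw "Role '$roleName' includes: $($found.Id -join ', ')"
    }

    # Grant on the VM object only, so nothing else in the inventory is affected.
    $existing = Get-VIPermission -Entity $vm -Principal $principal -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-VIPermission -Entity $vm -Principal $principal -Role $role -Propagate:$false | Out-Null
    }

    # Review what PowerCLI reports for this VM: who holds which role.
    Get-VIPermission -Entity $vm |
        Select-Object Principal, Role, Entity, Propagate, IsGroup |
        Format-Table -AutoSize
}
finally {
    Disconnect-VIServer -Server $vcServer -Confirm:$false
}
```

In the final table, look for any other row that maps the group or its members to a broader role such as Admin; that row would override the intent of the VM-only assignment.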
Now, this is not new in vSphere 5.5. The administration of users, groups, and roles has been part of vSphere since the beginning. But the web-based interface makes doing things slightly different, so I don't think it's bad to re-hash a bit…-:) Plus, there are still new folks who are just starting with IT and virtualization, and learning more about VMware technologies. That's also why this post was born.