Saturday, 13 October 2012

vCenter Single Sign-On (SSO) - Part2

SSO Database

The SSO database stores system users and groups, SSO configuration information, and connection details for the attached identity sources, including domain accounts. The SSO server requires a separate database running on MSSQL, Oracle, or IBM DB2. For an MSSQL database there are two prerequisites:

  1. Mixed Mode Authentication (Windows Authentication and SQL Authentication).
  2. Disable dynamic ports and use a static port (default is 1433).

You can use the SQL script provided on the installation media to create the SSO database, which will be named RSA.
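The following T-SQL is an added example (not from the original post or VMware's install script) that verifies the two MSSQL prerequisites above and confirms the RSA database exists; it assumes SQL Server 2008 R2 SP1 or later, where `sys.dm_server_registry` is available, and that the instance listens on all IP addresses (the `IPAll` entry).

```sql
-- Added example (not part of the original post): pre-install checks for the
-- SSO database server. Run in SSMS or sqlcmd against the target instance.
-- Assumes SQL Server 2008 R2 SP1+ (sys.dm_server_registry) and "Listen All" = Yes,
-- so the TCP settings live under the IPAll registry entry.

-- 1. Authentication mode: IsIntegratedSecurityOnly = 0 means Mixed Mode.
--    Mixed Mode enables SQL logins, so the login used by SSO should be
--    granted rights on the RSA database only.
SELECT
    CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
        WHEN 0 THEN 'OK: Mixed Mode (Windows + SQL) authentication'
        ELSE 'FAIL: Windows Authentication only - enable Mixed Mode and restart the service'
    END AS auth_mode_check;

-- 2. TCP listener: TcpDynamicPorts must be empty (disabled) and TcpPort set
--    to the static port (1433 by default). These values are read from the
--    registry, so a service restart is needed before a change takes effect.
SELECT
    value_name,
    CAST(value_data AS nvarchar(128)) AS value_data,
    CASE
        WHEN value_name = 'TcpDynamicPorts'
             AND CAST(value_data AS nvarchar(128)) <> '' THEN 'FAIL: dynamic ports still enabled'
        WHEN value_name = 'TcpPort'
             AND CAST(value_data AS nvarchar(128)) = ''  THEN 'FAIL: no static port configured'
        ELSE 'OK'
    END AS port_check
FROM sys.dm_server_registry
WHERE registry_key LIKE '%SuperSocketNetLib\Tcp\IPAll'
  AND value_name IN ('TcpPort', 'TcpDynamicPorts');

-- 3. Port the current session actually arrived on (confirms the static port
--    is live; only meaningful when connected over TCP, not shared memory).
SELECT net_transport, local_tcp_port
FROM sys.dm_exec_connections
WHERE session_id = @@SPID;

-- 4. SSO database created by the script from the installation media.
SELECT
    CASE WHEN DB_ID('RSA') IS NULL
         THEN 'FAIL: RSA database not found - run the SSO DB script from the installation media'
         ELSE 'OK: RSA database exists'
    END AS sso_db_check;
```

Run the checks again after restarting the SQL Server service, since the authentication mode and port settings are only read at startup.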

SSO High Availability

From the previous sections we can see the importance of the SSO component. A critical point to raise is that SSO is a single point of failure: if SSO fails, clients won't be able to log in to any of the components that use SSO for authentication. Therefore, implementing HA for SSO is very important.

Note: There are workarounds to bypass SSO authentication, which vary for each component.

There are two types of SSO HA deployment: single site and multisite.

In single site mode, multiple SSO servers are deployed, with one acting as master and the rest as slaves. Traffic is directed by a hardware load balancer (LB). All SSO servers must share the same database (while installing each SSO server, point it to the same DB server IP and the same DB name).
The multisite deployment can be summarized using the diagram below. For more details refer to KB 2033588.

1 comment:

  1. "vCenter Single Sign On (SSO) is a component of the VMware Cloud Suite. SSO deals with identity management for administrators and applications that interact with the vSphere platform.
    idp saml