The SSO database stores system users and groups, SSO configuration information, and connection details for the attached identity sources, including domain accounts. The SSO server requires a separate database running on MSSQL, Oracle, or IBM DB2.

For an MSSQL database there are two prerequisites:
- Mixed Mode Authentication (Windows Authentication and SQL Authentication) must be enabled.
- Dynamic ports must be disabled and a static port used (the default is 1433).

You can use the SQL script provided on the installation media to create the SSO database, which will be named RSA.
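A pre-flight check for those two MSSQL prerequisites, as an added T-SQL example (it is not the script shipped on the installation media); it assumes SQL Server 2012 or later for the two DMVs it reads and a login holding VIEW SERVER STATE.

```sql
-- Pre-flight check for the two SSO MSSQL prerequisites described above.
-- Added example, not part of the SSO installation media. Assumes SQL Server
-- 2012+ (sys.dm_server_registry, sys.dm_tcp_listener_states) and VIEW SERVER STATE.

-- 1. Authentication mode: IsIntegratedSecurityOnly = 1 means Windows-only,
--    0 means Mixed Mode, which the SSO installer needs for its SQL login.
SELECT
    CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
        WHEN 0 THEN 'OK: Mixed Mode (Windows + SQL authentication)'
        ELSE        'FAIL: Windows Authentication only - enable Mixed Mode'
    END AS auth_mode_check;

-- 2. TCP port: under the IPAll key, TcpDynamicPorts must be blank and
--    TcpPort must hold the static port (1433 by default).
SELECT
    value_name,
    value_data,
    CASE
        WHEN value_name = 'TcpDynamicPorts'
             AND ISNULL(CAST(value_data AS nvarchar(10)), '') = ''
            THEN 'OK: dynamic ports disabled'
        WHEN value_name = 'TcpDynamicPorts'
            THEN 'FAIL: dynamic port in use - clear TcpDynamicPorts'
        WHEN value_name = 'TcpPort'
             AND ISNULL(CAST(value_data AS nvarchar(10)), '') <> ''
            THEN 'OK: static port ' + CAST(value_data AS nvarchar(10))
        ELSE 'FAIL: no static port configured'
    END AS port_check
FROM sys.dm_server_registry
WHERE registry_key LIKE '%\SuperSocketNetLib\Tcp\IPAll'
  AND value_name IN ('TcpPort', 'TcpDynamicPorts');

-- 3. Confirm the instance is actually listening for TDS on TCP, which is
--    what the SSO server connects to (the port shown here should be 1433).
SELECT ip_address, port, state_desc
FROM sys.dm_tcp_listener_states
WHERE type_desc = 'TSQL';
```

Changing the authentication mode or the TCP port in SQL Server Configuration Manager only takes effect after the SQL Server service is restarted, so rerun the check afterwards.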
SSO High Availability
The previous sections show the importance of the SSO component. A critical point to raise is that SSO is a single point of failure: if SSO fails, clients will not be able to log in to any of the components that use SSO for authentication. Therefore, implementing HA for SSO is very important.

Note: There are workarounds to bypass SSO authentication, which vary for each component.
There are two types of SSO HA deployments: single site and multisite.

In single site mode, multiple SSO servers are deployed, with one acting as master and the rest as slaves. This is controlled using a hardware load balancer. All SSO servers must share the same database (while installing the SSO servers, each one should point to the same DB server IP and the same DB name).

The multisite deployment can be summarized using the diagram below. For more details refer to KB 2033588.