
Adding an Active Directory or LDAP identity source allows users and groups in that identity source to also authenticate. PSC services within the vCenter Server control authentication for the SSO Domain. The SSO Domain name defaults to vsphere.local, but can be changed to a preferred name during installation of the vCenter Server. An SSO Domain is the domain that vSphere uses to connect vCenter Servers in a federation. An SSO Domain contains Tags, Licenses, Categories, Global Permissions, Roles, and Privileges. Let’s also recap what a vSphere Single Sign-On (SSO) Domain is and what it contains. In the event of an issue, the vCenter Server can then be quickly restored to its last state. By running cmsso-util domain-repoint --help from the vCenter Server appliance shell, we can quickly find the usage of the command. Another important prerequisite task is taking a backup. To ensure no loss of data, take a File-Based backup of each vCenter Server before proceeding with domain repointing. In vCenter Server 6.7 Update 1 and later, Embedded and External PSC deployments are supported for domain repointing. The domain-repoint sub-command of cmsso-util is available starting with vCenter Server 6.7 and supports domain repointing for External PSC deployments. In vSphere 6.7, an additional sub-command (domain-repoint) was added, expanding the power of this utility. You may already be familiar with this command utility, as it’s used to perform other actions in an SSO Domain, such as decommissioning a PSC or pointing a vCenter Server to another Site. Repointing is handled by the cmsso-util command. Prerequisites: Before we dive into how to leverage this feature, we should discuss some of the requirements and prerequisites that must be considered prior to using it. If there is a need to repoint a vCenter Server from its current domain to a brand new SSO Domain, that is also possible.
This powerful feature can help not only customers with mergers and acquisitions who may need to change the name of an SSO Domain, but also those joining two different SSO Domains into one common domain. SSO Domain Repointing was introduced to allow the repointing of a vCenter Server from one SSO Domain to another, something that was not possible in vSphere 6.0/6.5. The vCenter Server being repointed moves from its current SSO Domain and joins the other existing domain as another vCenter Server connected via Enhanced Linked Mode (ELM). Whether building new, changing, or redesigning an SSO Domain, vSphere 6.7 has a great new feature to help lessen this complexity. Planning, designing, and architecting a vSphere SSO Domain for vCenter Server can occasionally feel complex to many VMware Administrators.
