Active Directory for VMware vCenter 6.5

Tuan Yang
CMO & General Manager at NetCom Learning, COO at Sarder TV & Sarder Learning, at NetCom Learning
Jun 6, 2017
Active Directory for VMware vCenter 6.5

  1. Active Directory for VMware vCenter 6.5
  2. NetCom Learning
  3. NetCom Learning – Managed Learning Services
  4. Agenda • Introductions • About the VMware vSphere 6.5 Boot Camp • Active Directory for vCenter 6.5 • The evolution of vCenter and Directory-based authentication • What is VMware vCenter SSO? • Two ways to integrate vCenter SSO with Active Directory • Method one: Integrating vCenter with AD using the Machine Account • Method two: Integrating vCenter with AD using LDAP
  5. VMware vSphere 6.5 Boot Camp Practical VMware Training • What you need to know to use vSphere • Current materials • Real World Best Practices
  6. Our Practical vSphere Boot Camp is like no other • You have your own enterprise-grade VDI for access • You work live, with your own ESXi Host and vCenter Server • You get your own LUN/Volume on an Enterprise SAN • You have 24X7 Access to your lab environment • Your instructor can see your VDI and help you 1-on-1 during class • Boot Camp Class • 6/19/17 – 6/23/17 Las Vegas
  7. Real-world lab steps • These methods are taken directly from methods we learn as consultants in Real-World situations • Every participant in the Boot Camp will have the opportunity to fully participate using their own vCenter!
  8. VMware vSphere 6.5 SSO The evolution of directory-based authentication for VMware vCenter
  9. VMware vCenter 5 and before • VMware vCenter 5 and prior versions were always a subset of a single Active Directory domain • Active Directory was required to install vCenter • vCenter Server was a Windows-only service • Domain Admins of the AD domain were always vSphere Administrators by default!
  10. vCenter in the age of Cloud Computing • vCenter 5.5 and later versions have their own directory called vCenter SSO • Based on MIT Kerberos (same as AD) • Fully configurable as a standalone directory with Users and Groups • Password aging and complexity configuration possible • Smart Card and two-factor configuration possible
  11. Advantages of vCenter SSO • AD is no longer required to install vCenter • The main requirement for SSO is functioning forward and reverse DNS • VMware vCenter is now a potential superset of many AD Domains • Can add multiple Active Directory Domains and LDAP directories • External directories are used as Identity Sources • External directories remain completely independent • Domain Admins no longer receive vCenter Administrator permission by default • Only one SSO administrator is created during installation • You add other users and Identity sources at your discretion.
  12. Integrating vCenter and Active Directory Method 1: Using the Machine Account
  13. Method 1: Using the Machine Account • Possible with both Windows vCenter and VCSA Appliance (Linux) • Host Operating System must be joined to the domain • Creates a dependency between the Host Operating System where vCenter runs and the AD Domain
  14. Method 1: Using the Machine Account • Join the Domain 1. In the Navigator bar on the left side of the screen, click on Administration.
  15. Using the Machine Account with SSO 2. Now click on System Configuration
  16. Method 1: Using the Machine Account 3. Click on Nodes.
  17. Method 1: Using the Machine Account 4. Choose your vCenter Node and then click on Active Directory.
  18. Method 1: Using the Machine Account 5. Enter the Domain, OU, User and password
  19. Method 1: Using the Machine Account 6. Reboot your vCenter / VCSA
  20. Method 1: Using the Machine Account 7. Now click on Configuration and then on Identity Sources a. Click the +
  21. Method 1: Using the Machine Account 8. Choose Active Directory (Integrated Windows Authentication)
  22. Integrating vCenter and Active Directory Method 2: Using Active Directory LDAP
  23. Method 2: Using Active Directory LDAP • Possible with both Windows vCenter and VCSA Appliance (Linux) • Host Operating System does not need to be joined to the domain • Does not create a dependency between the Host Operating System where vCenter runs and the Domain • All LDAP Identity sources remain completely independent • Many fewer steps overall
  24. Method 2: Using Active Directory LDAP 1. In the Web-Client, click on Home and then on Administration
  25. Using Active Directory as an LDAP Server 2. Now click on Configuration and then on Identity Sources a. Click the +
  26. Using Active Directory as an LDAP Server 3. Choose Active Directory as an LDAP Server
  27. Using Active Directory as an LDAP Server 4. Enter all of the information in LDAP format
  28. vCenter SSO Global Permissions
  29. SSO Global Permissions • Configuration is the same for: • Windows vCenter • VCSA • Domain-joined • AD as an LDAP server
  30. SSO Global Permissions 1. Choose Global Permissions > Manage > click on +
  31. SSO Global Permissions 2. It’s now possible to add Users/Groups/OUs from the Domain(s) configured a. Choose the AD Domain/LDAP Directory b. Locate the User/Group c. Click Add d. Click OK
  32. SSO Global Permissions 3. And assign any/all desired Roles a. Select the Role (Administrator) b. Click Add c. Click OK
  33. vCenter SSO • No matter if it is a Windows vCenter, VCSA, Domain-joined or LDAP • You can now log in with directory credentials • BEST PRACTICE: Do not “Use Windows Session authentication” • BEST PRACTICE: Enter username in UPN format: user@domain.tld
  34. Upcoming vSphere Classes Webinars • Webinars • Boot Camp Class • 6/19/17 – 6/23/17 Las Vegas • 8/14/17 – 8/18/17 New York
  35. Watch the Live Demonstration Watch the recorded webinar here!
  36. Recommended Courses NetCom Learning offers a comprehensive portfolio for VMware vSphere training options. Please see below the list of recommended courses: VMsources VMware vSphere 6.5 Infrastructure Deployment Prep Boot Camp Check out more VMware vSphere training options with NetCom Learning – CLICK HERE
  37. Our live webinars will help you to touch base a wide variety of IT, soft skills and business productivity topics; and keep you up to date on the latest IT industry trends. Register now for our upcoming webinars: Raise your defenses against Malware & Ransomware attacks – May 8 Understanding the Windows Server Administration Fundamentals (Part-1) – June 13 Microsoft Word Power Shortcuts & Tips (Part-2) – June 15 Your Quick Guide to PMP Certification and Examination – June 20 Understanding the Windows Server Administration Fundamentals (Part-1) – June 27
  38. Special Promotion Whether you're learning new IT or Business skills, or you are developing a learning plan for your team, now you can register for our Guaranteed to Run classes with confidence. From Microsoft, to CompTIA, to CISSP; all classes delivered by top-notch instructors in in-person Instructor-led Classroom or Live Online. Learn more»
  39. Special Promotion Is the internet secure? It becomes a matter of deep introspection whether the internet remains a safe place for us with all our personal and official data on it. Take a proactive stance on security. It is time to wake up and begin preparing a defense for the future. Acquire the skillset, become certified cybersecurity professional. Learn more»
  40. Special Promotion Trial Version & 10% First Time User discount on Soft Skills E-Learning Courses (Limited Period Offer, Register NOW) Log onto www.sarderlearning.com Coupon Code: SARDER10
  41. 3500+ BYTE SIZE VIDEOS 200+ MENTORS 100+ COURSES Leadership focused programs across Functions, Management levels, & Industries Business Productivity programs enabling professionals master the latest concepts Soft skills programs ensuring the basics of management success Best selling books focused programs covering all aspects of professional & personal lives Premium programs such as Board-Series www.sarderlearning.com Course Categories Anywhere Anytime Learning across Devices & Operating Systems
  42. Media Platform with a blend of Charlie Rose & TED Headquartered in New York, the platform publishes Exclusive High Quality Video Content from Fortune 1000 Corporate Leaders, Best Selling Authors & Ivy League Professors With a purpose to "Promote Learning", the Platform is based on the Core values of Continuous Learning, Innovation & Performance. Get the latest insights on Management, Strategy, Marketing, Sales, Innovation and Entrepreneurship. www.sardertv.com To get the latest insights on the Business World
  43. To get latest technology updates, please follow our social media pages!
  44. THANK YOU !!! We manage learning. “Building an Innovative Learning Organization. A Framework to Build a Smarter Workforce, Adapt to Change, and Drive Growth”. Download now!
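Slide 11 names functioning forward and reverse DNS as the main requirement for vCenter SSO, and slide 23 relies on DNS to locate domain controllers for the LDAP method. The following preflight check is an added example, not part of the original deck or of VMware's tooling; the lab names and 192.0.2.x addresses are constructed, and the lookup tables are injectable so the check runs offline.

```python
import socket

# Constructed lab records standing in for the DNS zone (not real hosts).
FORWARD = {"vcsa.lab.example": "192.0.2.10", "dc1.lab.example": "192.0.2.5"}
REVERSE = {"192.0.2.10": "vcsa.lab.example", "192.0.2.5": "dc1.lab.example"}


def lookup_forward(name, table=None):
    """A-record lookup; uses the system resolver when no table is supplied."""
    if table is not None:
        return table.get(name)
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def lookup_reverse(ip, table=None):
    """PTR lookup; uses the system resolver when no table is supplied."""
    if table is not None:
        return table.get(ip)
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_sso_dns(fqdn, expected_ip, forward=None, reverse=None):
    """Return a list of problems; an empty list means the name passes.

    Checks, in order: the A record exists, it points at the address the
    appliance actually uses, a PTR exists for that address, and the PTR
    maps back to the same FQDN (case-insensitive, trailing dot ignored).
    """
    problems = []
    ip = lookup_forward(fqdn, forward)
    if ip is None:
        return [f"no A record for {fqdn}"]
    if ip != expected_ip:
        problems.append(f"{fqdn} resolves to {ip}, expected {expected_ip}")
    name = lookup_reverse(ip, reverse)
    if name is None:
        problems.append(f"no PTR record for {ip}")
    elif name.lower().rstrip(".") != fqdn.lower().rstrip("."):
        problems.append(f"PTR for {ip} is {name}, not {fqdn}")
    return problems
```

Run it against the vCenter FQDN and every domain controller before starting either integration method; a non-empty list is the DNS fault to fix first.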

Editor's Notes

  1. Welcome to Netcom Learning’s VMware vSphere Webinar series Today we’re going to introduce ourselves, then tell you just a little bit about our VMware vSphere Boot Camp And then jump right into the topic: Active Directory for VMware vSphere First, we’ll explain what VMware vCenter SSO is Then we will show you two ways to integrate your vCenter with Active Directory
  2. Our practical, real-world VMware training is designed specifically to teach what you need to know to install, run, maintain and update VMware vSphere. Our Boot Camp materials are current to the most recent release of VMware vSphere and always have an emphasis on Best Practices and Real world techniques. In class we teach you how to use, manage and diagnose VMware vSphere as a whole and do not fixate on the most expensive options and features available to only a percentage of users.
  3. During class, each student has access to real (physical) servers in a real data center, where you will build your own VMware vSphere environment. At every stage of the process, you will be working live, with equipment specifically assigned to you for the duration of class. You’ll have 24 by 7 access to your resources in the class lab, and you can request up to two additional weeks of access to your lab at NO EXTRA COST! Bottom line is: If you need to improve your skills with VMware vSphere, there’s no better choice than the Netcom VMware vSphere Boot Camp!
  4. The procedures and methods we are going to go over in this webinar were taken right from our experience as active consultants. In class, you will have the opportunity to explore both methods of using AD with vCenter, using your own vCenter Server!
  5. VMware vCenter 5 and prior versions were Windows-only applications that required Active Directory to install. Domain Admins of the AD Domain where vCenter was installed became vCenter Administrators by default. As you can imagine, in larger organizations with multiple “silos,” AD administrators may not be qualified on VMware and VMware admins may not be authorized for AD administration.
  6. VMware vCenter SSO was actually introduced with version 5.1, but it was a non-functional mess with plaintext passwords and a complex installation requiring manual creation of database tables in SQL! Beginning with vCenter 5.5, VMware vCenter SSO became fully functional as an independent implementation of MIT Kerberos. In SSO, it is possible to create Users and Groups, just like in any other directory. It’s also possible to configure aging, password complexity, and two-factor authentication to be compliant with most any standard, such as SSAE 16 and ISO 27001.
  7. One of the notable advantages of vCenter 5.5 and later versions is that Active Directory is no longer required as a prerequisite for installation, only functioning forward and reverse DNS. This means non-Windows shops no longer have to keep one or two licensed editions of Windows Server just to run vSphere! The biggest advantage is that VMware vCenter Server is no longer a subset of a single AD Domain, but potentially a superset of many AD Domains, all authenticating against vCenter SSO independently. Moreover, the VMware vCenter SSO administrator is created at the time of installation (administrator@vsphere.local or other TLD you create), and is the ONLY default vCenter administrator. In larger organizations, this is very important, because Domain Administrators not qualified on VMware will not be granted default access.
  8. The most common, yet disadvantageous, method of integrating VMware vCenter SSO and AD is by using the Machine Account of the vCenter Server. This means joining either the Windows OS or the SUSE Linux OS to the AD Domain where it is hosted. Joining a Windows server to a Domain is common practice. Joining the VCSA to a Domain is easy and done entirely in the GUI. Both require a reboot. The problem is that this creates a potential “chicken-and-egg” dependency between the AD Domain and the Operating System where vCenter Server is hosted. You wouldn’t want to encounter a situation where AD had failed and you couldn’t access vCenter to recover it!
  9. To join the VCSA to an AD Domain, click on: Administration
  10. Then click on: System Configuration
  11. Click on: Nodes
  12. Then locate your vCenter node. Most likely, it will be the only choice.
  13. Enter credentials authorized to join the AD Domain, preferably in UPN format
  14. And reboot your VCSA
  15. After the system has rebooted, choose: Configuration Then click the tab: Identity Sources
  16. Now choose: Active Directory (Integrated Windows Authentication), followed by: Finish. Your vCenter and Active Directory are now integrated, but we have yet to create a default permission.
  17. The best way to integrate vCenter SSO with Active Directory (or any directory) is to use LDAP / LDAPS. In this way, vCenter becomes a client of the directory(ies) that need to authenticate against vCenter. No dependencies are created, and vCenter can run entirely independently of any domain.
  18. Click on: Administration
  19. Choose: Configuration then click the tab: Identity Sources
  20. Now choose: Active Directory as an LDAP Server
  21. Enter all of the information in LDAP format, as we show you in the screenshot. If DNS is working correctly, you will not need to provide the address of a specific LDAP Server. Your vCenter is now integrated with one AD Domain. You can add more if required or desirable simply by repeating the process. To use Active Directory, however, we must create a default permission.
  22. Once the connection between vCenter and AD is established, no matter how it is created, the steps to create the first Global Permission allowing users of that directory to manage vCenter is the same.
  23. Click on: Global Permissions Then choose the tab: Manage And finally, click on the: +
  24. Now you can choose the AD Domain Followed by searching or browsing for the user/group you would like to add Then click on: Add And finally: OK
  25. Once the Directory user is added, you choose the Role, which will allow the user limited or total access to the vCenter Server. In class, we go over how to create and use Roles in detail, to delegate authority to Silos such as “desktop support” or “Linux”, as well as to create completely independent multi-tenancy environments.
  26. Now you are ready to use your directory! We recommend never to “Use Windows Session Credentials”, as it requires the “Client Integration Plugin” in the browser, which has had numerous documented vulnerabilities. We recommend using UPN format usernames wherever possible, in vSphere and in general IT practice.
  27. Don’t Forget, we have a Boot Camp in just TWO Weeks in Las Vegas, Followed by a class on August 14 in New York City
  28. Further, if you're interested in “Learning from the Top American Leaders”, please log on to the e-learning platform - www.sarderlearning.com. Avail the special promotion meant for FIRST TIME USERS. Use your coupon code – SARDER10 and begin your leadership journey. Now!!
  29. Sarder Learning is a micro-learning knowledge platform that brings the world’s best Fortune 500 companies' CXOs, Ivy League professors and best-selling authors together to share industry-wide best practices related to leadership & management. Sarder Learning, under 13 different categories, has a rapidly growing course library relevant across multiple domains, with well-defined specific learning paths and scenario-based learning. An intuitive and responsive learning management system environment makes it easy to track one’s learning journey and take courses at convenience.
  30. To get your dose of Latest Business Insights FROM Corporate America, log on to Sardertv.com. Don’t forget to register for our newsletter.
  31. I’d like to thank the team members that were part of this webinar: Swedha Sarah Gaurav Ben Ankuna vashali & special thanks to Chief Engineer Mina Henery from IBM Germany for his valuable support
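Note 21 says to enter the identity source "in LDAP format" and note 26 recommends UPN-format usernames, but the deck shows the values only in a screenshot. The helper below is an added example, not part of the original deck or of VMware's software: it derives the base DN from the DNS domain name, enforces the UPN rule for the service account, and assembles the values for the "Active Directory as an LDAP Server" dialog. The domain corp.example.com and account names are constructed, and the assumption that the Domain alias equals the first DNS label in upper case is labelled in the code.

```python
import re

# Constructed lab domain (not real infrastructure).
LAB_DOMAIN = "corp.example.com"

# UPN form recommended on slide 33: user@domain.tld (at least one dot in the domain).
UPN_RE = re.compile(r"[^@\s]+@[^@\s.]+(\.[^@\s.]+)+")


def domain_to_base_dn(domain):
    """Convert a DNS domain into an AD base DN: corp.example.com -> DC=corp,DC=example,DC=com."""
    labels = [label for label in domain.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"DC={label}" for label in labels)


def is_upn(username):
    """True only for user@domain.tld; rejects DOMAIN\\user and bare sAMAccountName."""
    return UPN_RE.fullmatch(username) is not None


def ldap_identity_source(domain, service_account, alias=None, dc_host=None, use_tls=True):
    """Assemble the field values for an 'Active Directory as an LDAP Server' identity source.

    dc_host is optional: per note 21, with working DNS vCenter locates the domain
    controllers itself, so the server URL is left empty. use_tls selects LDAPS (636)
    over plain LDAP (389). The Domain alias defaults to the first DNS label in upper
    case, which assumes the NetBIOS name matches it (assumption, verify in your AD).
    """
    if not is_upn(service_account):
        raise ValueError("service account must be in UPN format (user@domain.tld)")
    base_dn = domain_to_base_dn(domain)
    scheme, port = ("ldaps", 636) if use_tls else ("ldap", 389)
    primary_url = f"{scheme}://{dc_host}:{port}" if dc_host else None
    return {
        "Name": domain,
        "Base DN for users": base_dn,
        "Base DN for groups": base_dn,
        "Domain name": domain,
        "Domain alias": alias or domain.split(".")[0].upper(),
        "Primary server URL": primary_url,
        "Username": service_account,
    }
```

The service account only needs read access to the directory; it is the account vCenter binds with, not the administrator you later grant a Global Permission to.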