Translate

Total Pageviews

My YouTube Channel

Monday, 28 May 2018

vCenter Deployment Mode Impact on NSX - SSO Integration

Integrating the single sign on (SSO) service with NSX improves the security of user authentication for vCenter users and enables NSX to authenticate users from other identity services such as AD, NIS, and LDAP.

With SSO, NSX supports authentication using authenticated Security Assertion Markup Language (SAML) tokens from a trusted source via REST API calls. NSX Manager can also acquire authentication SAML tokens for use with other VMware solutions.

SSO service must be installed on the vCenter Server.
NTP server must be specified so that the SSO server time and NSX Manager time is in sync.

1

Log in to the NSX Manager virtual appliance.
2

Under Appliance Management, click Manage Settings.
3

Click NSX Management Service.
4

Click Edit next to Lookup Service.
5

Type the name or IP address of the host that has the lookup service.
6

Change the port number if required. The default port is 7444.
The Lookup Service URL is displayed based on the specified host and port.
7

Type the vCenter administrator user name and password (for example, administrator@vsphere.local).
This enables NSX Manager to register itself with the Security Token Service server.
8

Click OK.
Confirm that the Lookup Service status is Connected.

What is the Impact of NSX-SSO Integration when vCenter is Using Embedded PSC?
SSO Users or SSO Integrated Domain Users cannot access NSX Manager through REST API Calls or vSphere Web Client when vCenter is not available as PSC too will not be available in this case.

 


What is the Impact of NSX-SSO Integration when vCenter is Using External PSC?
SSO Users or SSO Integrated Domain Users can still access NSX Manager through REST API Calls when vCenter is not available but PSC is available and they cannot access it through vSphere Web Client as this client resides in vCenter Server too.