Thursday, November 22, 2012

vCenter 5.1.0a - How to install a Single Sign-On server

The vCenter Server 5.1 release includes significant architectural changes. One of those major changes is the introduction of Single Sign-On (aka SSO) as a solution to manage all users authentications to the increasing number of third part products VMWare is putting into its bundle. By using SSO authorized vCenter Server, users will be able to access multiple vCenter Server systems with a single login. See this link for more on vCenter Single Sign-On.

As you might have heard through the forums, vCenter 5.1 had many major bugs which discouraged many system administrators from upgrading their infrastructure. I was one of those sysadmins.

Starting from october 25, 2012 a more stable release (named VMware vCenter Server 5.1.0a) has been published, and therefore I decided to upgrade my vCenter to it.

I didn't go far with this plan. In fact, when I read the support matrix, I discovered that ESX 3.5 was no more supported under vCenter 5.1, and I have still many of them out there which I cannot upgrade yet for several reasons.

What I decided is to install a completely new vCenter infrastructure to host all the newer ESX 4.1 and ESXi5. And the first step to pass to vCenter 5.1 is to install an SSO instance.


There are already a few of those procedures out there describing the whole process of configuring SSO, but they are way too complex for such an easy task. Here's the procedure I followed. I hope it will be simpler than the one I had to go through myself. Do not hesitate to suggest any improvement in readability!

STEP 1: OS Installation

I started with deploying a new Windows 2008 R2 SP1 virtual machine which is aimed to host the aforementioned SSO service. The requirements for the basic SSO service are 3GB of RAM and 2GB of disk space, but if the database is on this same machine you may need to increase this values. For the moment there is no feedback on this from the community, but I will be glad to share as soon as I know.

Open a remote connection to that VM, open Server Manager and add the feature named .NET Framework 3.5.1. You don't need anything else, unless you want to use the bundled SQL 2008 express installation, in which case you should also install Windows Installer 4.5.

Edit your virtual machine settings and add a secondary disk to host the database files. As I said before there are no guidelines on the size for the SSO database but I reckon that 10GB should be largely sufficient for any installation.

Initialize and format this disk under Disk Management and there you create a folder named Databases and a subfolder named SSO (ie e:\Databases\SSO\).

STEP 2: SQL Installation

Now install Microsoft SQL Server 2008 and configure the services to start with the Local system account. Also tell the system to automatically start the SQL Server and SQL Server agent services at start-up.

Microsoft SQL server services configuration
Set the authentication to Mixed (this is important!) and specify a secure password for the SA account. You will need this account later to start SQL Management Studio and create the SSO databases.

A little note: when you choose the collation, you must select Latin1_General if you live in a English speaking country or in any other country using the basic latin alphabet without special accents. 

For the rest leave the default parameters unless you are a DBA and have the knowledge to customize more.

STEP 3: SQL Pre-configuration with two VMWare scripts

Once SQL is installed, move to the D:\Single Sign On\DBScripts\SSOServer\schema\mssql folder on your mounted DVD drive and double-click on rsaIMSLiteMSSQLSetupTablespaces.sql. SQL Management Studio will start and you will connect to it with the SA account and modify the three lines of that script that specify the location where to store the database, then click on Execute!:

Change:
  • FILENAME='C:\CHANGE ME\RSA_DATA.mdf' to FILENAME='E:\Databases\SSO\RSA_DATA.mdf' 
  • FILENAME='C:\CHANGE ME\RSA_INDEX.mdf' to FILENAME='E:\Databases\SSO\RSA_INDEX.mdf' 
  • FILENAME='C:\CHANGE ME\translog.idf' to FILENAME='E:\Databases\SSO\translog.idf'
Go back to D:\Single Sign On\DBScripts\SSOServer\schema\mssql folder on your DVD drive and double-click on rsaIMSLiteMSSQLSetupUsers.sql. It will open in SQL Management Studio as well. Change the password inside the quotes for the two accounts and click on Execute! once again:
  • CREATE LOGIN RSA_DBA WITH PASSWORD = 'yourpassword', DEFAULT_DATABASE = RSA 
  • CREATE LOGIN RSA_USER WITH PASSWORD = ' yourpassword', DEFAULT_DATABASE = RSA
That's all for SQL configuration.

What you have to retain is that now there is a RSA database for which two users are declared: RSA_DBA and RSA_USER. The RSA_DBA user is used during installation while RSA_USER is used during operation. This means also that you can delete the RSA_DBA user after the installation because you won't need it again.

STEP 4:  Single Sign-On installation

Now download the latest iso VMware-VIMSetup-all-5.1.0-880471.iso, which contains also the installer for vCenter Server 5.1.0a) and mount it in your virtual machine. Let's start the installation of SSO.
 
Single Sign-On
Quickly go through the installation choosing to install a new SSO Primary node, in order to be able to add other nodes should you need them:

Choosing Single Sign-On type
Set a secure password for the admin@System-Domain user account, which is the default SSO admin. This password will be checked by the installer and a popup will appear if it's not secure enough. Do use special characters. In version 5.1 there was an issue (error 29133) with special characters in this password but this has been promptly solved by VMWare with this release.

Choose then to use an existing database. The installer will tell you to create the RSA database first, but we already went there and done that, so let's keep on.


At this point we have to enter the information about the database and the users we created before. In the database type choose MSSQL. Enter RSA as database name, RSA_USER as Database user name and RSA_DBA as Database DBA user name. Leave the JDBC url empty.
Database connection information window
Finish the installation by selecting all the default values (use network service account and port 7444).

That's all for the installation of vCenter SSO on a brand new Windows 2008 R2 with Microsoft SQL. For more details check out the release notes by VMWare as stated at the beginning of this post. Do not hesitate to leave comments or ask questions if you had any problem with the configuration. I also wholeheartedly suggest to
read the VMWare FAQ, where the main difficult points are clearly and quickly given an explanation.



If you need help with the installation of the Inventory Service, check my next post!

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...