If you felt the pain of installing vSphere 5.1 Single
Sign-On (SSO) when it first came out, you know it wasn’t easy for various reasons. It
was brand new, and we were all used to really easy upgrades from VMware. Another reason is VMware was using RSA
tools that were very locked down, so if you didn’t configure things just right, it wouldn’t work. Also, it was next to impossible to put the SSO database on a different server.
vSphere 5.5 came out a few months ago, and VMware decided to
totally re-write the SSO product. This is great for those who are able to be early adopters of upgrades,
but many companies won’t even think about upgrading until Update 1 or 2 comes
The nice thing about SSO in
vSphere 5.5 is that you can use it with vSphere 5.1. So, you don’t have to do a full upgrade, but you do get to
enjoy the ease of use and bug fixes offered with the new version of SSO. I’ll walk through how to set up
vSphere SSO 5.5 within a vSphere 5.1 environment.
You’ll need to download the vCenter 5.5 .ISO from VMware.com, because that’s what contains SSO.
1. Mount the .ISO file on your vCenter 5.1 VM.
2. Open your DVD drive and click the Autorun utility, which brings up the installation GUI (Figure A).
3. Click vCenter Single Sign-On and click
4. The intro screen will detect that you have a
previous version installed. Click
5. Accept the EULA and click Next.
6. The install will check that you’ve met any
pre-requisites (mainly that the machine is joined to a domain and the FQDN
checks out). Click Next.
7. You’ll get a message saying that you will
be upgrading from a previous version. Click Next.
8. This will be the first and only vCenter in the
site I’m upgrading, so I’ll choose that option on the next screen. Select the option that’s appropriate
for your environment (Figure B).
See Figure B
9. Enter a new password for the Administrator
credential and click Next. In
vSphere 5.5 the SSO administrator user is administrator@System-Domain. In vSphere 5.1 it was
a site name, select an install folder, and click Next.
Install on the next screen.
install will take several minutes. When it’s complete, click Finish. Complete this installation on any other SSO servers in your
We also need to upgrade the Web Client to 5.5 as you can see
from this KB article. At this point, we won’t be able to
connect to vCenter using the Web Client, but admins and users can still connect
to the C# client.
1. Go back to the installation GUI, click vSphere Web Client, and then click Install.
2. Click Next through the intro screen. It will tell you that it’s found a
previous version of the software and that it will be upgraded.
3. Accept the EULA and click Next.
4. Accept the default ports and click Next.
5. Enter the SSO password that you
specified for email@example.com
in step 9 of the SSO installation and click Next.
6. Click Install on the next screen.
7. When the installation is complete, click
Finish. You’ll get a message
saying that you need to give it a few minutes to start the service before you
can connect to the Web Client.
That completes the install, but we still want to go into the
vSphere Web Client to make sure everything is configured properly. Remember, we can only configure SSO
through the web client, which we can get to by going to https://<IP_of_vCenter>:9443.
As you can see in Figure C, a
lot of the same components are present, but they look a little different. However, you should be able to
sign in both with any AD accounts that were configured before and the Administrator@vsphere.local
account. See Figure C for an idea of how SSO 5.5 looks within the 5.5 Web Client.