Set up vSphere Single Sign-On 5.5 in vSphere 5.1 without upgrading to 5.5

You can use Single Sign-On in vSphere 5.5 with vSphere 5.1, which means you can benefit from the bug fixes in the latest version of SSO without upgrading from your vSphere 5.1 environment.



If you felt the pain of installing vSphere 5.1 Single Sign-On (SSO) when it first came out, you know it wasn't easy for various reasons. It was brand new, and we were all used to really easy upgrades from VMware. Another reason is VMware was using RSA tools that were very locked down, so if you didn't configure things just right, it wouldn't work. Also, it was next to impossible to put the SSO database on a different server.

vSphere 5.5 came out a few months ago, and VMware decided to totally re-write the SSO product. This is great for those who are able to be early adopters of upgrades, but many companies won't even think about upgrading until Update 1 or 2 comes out.

The nice thing about SSO in vSphere 5.5 is that you can use it with vSphere 5.1. So, you don't have to do a full upgrade, but you do get to enjoy the ease of use and bug fixes offered with the new version of SSO. I'll walk through how to set up vSphere SSO 5.5 within a vSphere 5.1 environment.

You'll need to download the vCenter 5.5 .ISO from, because that's what contains SSO.

1. Mount the .ISO file on your vCenter 5.1 VM.

2. Open your DVD drive and click the Autorun utility, which brings up the installation GUI (Figure A).

Figure A



3. Click vCenter Single Sign-On and click Install.

4. The intro screen will detect that you have a previous version installed. Click Next.

5. Accept the EULA and click Next.

6. The install will check that you've met any pre-requisites (mainly that the machine is joined to a domain and the FQDN checks out). Click Next.

7. You'll get a message saying that you will be upgrading from a previous version. Click Next.

8. This will be the first and only vCenter in the site I'm upgrading, so I'll choose that option on the next screen. Select the option that's appropriate for your environment (Figure B).

See Figure B



9. Enter a new password for the Administrator credential and click Next. In vSphere 5.5 the SSO administrator user is administrator@System-Domain. In vSphere 5.1 it was administrator@vsphere.local.

10. Enter a site name, select an install folder, and click Next.

11. Click Install on the next screen.

12. The install will take several minutes. When it's complete, click Finish. Complete this installation on any other SSO servers in your environment.

We also need to upgrade the Web Client to 5.5 as you can see from this KB article. At this point, we won't be able to connect to vCenter using the Web Client, but admins and users can still connect to the C# client.

1. Go back to the installation GUI, click vSphere Web Client, and then click Install.

2. Click Next through the intro screen. It will tell you that it's found a previous version of the software and that it will be upgraded.

3. Accept the EULA and click Next.

4. Accept the default ports and click Next.

5. Enter the SSO password that you specified for administrator@vsphere.local in step 9 of the SSO installation and click Next.

6. Click Install on the next screen.

7. When the installation is complete, click Finish. You'll get a message saying that you need to give it a few minutes to start the service before you can connect to the Web Client.

That completes the install, but we still want to go into the vSphere Web Client to make sure everything is configured properly. Remember, we can only configure SSO through the web client, which we can get to by going to https://<IP_of_vCenter>:9443.

As you can see in Figure C, a lot of the same components are present, but they look a little different. However, you should be able to sign in both with any AD accounts that were configured before and the Administrator@vsphere.local account. See Figure C for an idea of how SSO 5.5 looks within the 5.5 Web Client.

Figure C



By Lauren Malhoit

Lauren Malhoit has been in the IT field for over 10 years and has acquired several data center certifications. She's currently a Technology Evangelist for Cisco focusing on ACI and Nexus 9000. She has been writing for a few years for TechRepublic, Te...