As I already mentioned, VMware SSO is now a requirement before installing VCenter server. I, along with many, many other admins out there do not think this should be a requirement. It seems to be a push for VMware to cram security down our throats. While I agree security should be at every admin's top priority, there is such thing as going overboard. I think back to my days of supporting SMB's where 2 or 3 esxi hosts were all that needed to be managed for a Vcenter and this SSO requirement just adds a huge, thick layer into those installs. Read more here about it to understand it.
The easiest way to do the SSO in a large environment is as follows:
- Install SQL server 2008r2 on server 2008r2. (Vmware does not support SQL 2012 or server 2012 for Vcenter or SSO as of this writing). Configure your instance how you want. (I am assuming you know how to do this already).
- Open up SQL Server Management Studio.
- Go the following location on the Vcenter Server install Disc: \VCenter 5.1\Single Sign On\DBScripts\SSOServer\schema\mssql
- Click and launch the Script: rsaIMSLiteMSSQLSetupTablespaces
- You should now see the script in SQL Management studio like this:
- This script will create the SSO database for you. I strongly recommend you don't be like me and try to get all fancy and name the database the way you want because your anal and want to be able to see a database name that makes sense to you down the road. I spent many hours doing this... just stick to the defaults and what I write here and you will be off and on your way.
- You need to change three lines in this script for the location of the database files. If you read the green text its pretty clear how to do this. The lines you need to change all have C:\Change Me\.... marked in red. Just put your path to where you want the database files in place of those lines.
So go from this:
To this:
- Run and execute that script and your SSO database named "RSA" will be created.
- Now you have to setup the user and DBA user for that database. Thankfully VMware provided another script in that same location of the VCenter installer you just lifted the last one from! With your SQL management studio still open, launch this script: rsaIMSLiteMSSQLSetupUsers
- The only thing you will want to change in this one is the passwords for the users its going to create. Leave everything else the default and make sure to record the user names "RSA_DBA" and "RSA_USER" with the passwords you give them in this script. Give them good strong passwords. The lines you want to change are in red:
Make sure to leave the ' marks and put your password in between them for each user.
- Execute that script and your are done. Now you can install the VMware SSO from the installer disc.
- During the install select "Create the primary Node...." because you would not have needed to do any of the above otherwise. :-)
- At the next options menu select "create the primary node..."
- type in a new password and confirm it for the new admin sso account.
- Now choose "use an existing supported database" because you just created one.
- The next screen is where you are going to put in your information for the "RSA" database you created as follows:
The JDBC stuff is for certificates which I am not covering here, and most VMware admins of small or medium datacenters like myself don't use them anyway.
- After that the final "next" will connect to the database, create that sso admin user account and your off and running. The install takes a little bit of time so go grab a cup-o-coffee. :-)
Now you can move on and install Vcenter. I will post soon on how to install a full SQL database to prep for VCenter to install to. There most likely are other VMware admins out there like me who don't have a clue on SQL.
Happy Virtualizing!
No comments:
Post a Comment