Hi-
I want to use AD to authenticate access to my vCenter 5.5 appliance. The vCenter and AD domain controllers are on separate VLANs with firewalls. What ports need to be open between the two VLANs before I proceed to the next steps?
Thanks!
I've seen this, but the ports listed don't seem like they're for what I need.
Assuming you will add the Active Directory as an LDAP server, the port number depends; see the ports in the Primary Server URL field: https://pubs.vmware.com/vsphere-55/topic/com.vmware.vsphere.security.doc/GUID-98B36135-CDC1-435C-8F2...
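An added example, not part of the original thread or of VMware's tooling: it derives the host/port pairs the firewall between the two VLANs must allow from the LDAP identity source's server URLs, then checks TCP reachability from the vCenter side. The hostnames are constructed; 389 and 636 are the standard LDAP/LDAPS defaults, assumed when a URL carries no explicit port.

```python
import socket
from urllib.parse import urlsplit

# Standard defaults when the identity-source URL has no explicit port.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def required_endpoint(server_url):
    """Return the (host, port) the firewall must allow for one server URL."""
    parts = urlsplit(server_url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("expected ldap:// or ldaps:// URL, got %r" % server_url)
    if not parts.hostname:
        raise ValueError("no host in %r" % server_url)
    return parts.hostname, parts.port or DEFAULT_PORTS[scheme]

def firewall_rules(server_urls):
    """De-duplicated, sorted (host, port) pairs for primary/secondary URLs."""
    return sorted({required_endpoint(u) for u in server_urls if u and u.strip()})

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Constructed sample values; replace with your identity source's URLs.
    urls = ["ldaps://dc01.corp.example:3269", "ldap://dc02.corp.example"]
    for host, port in firewall_rules(urls):
        state = "open" if tcp_reachable(host, port) else "blocked/unreachable"
        print("%s tcp/%d: %s" % (host, port, state))
```

Run it from a host on the vCenter VLAN; a successful connect only shows the TCP path is open, not that the LDAP bind will succeed.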
Thanks for the info...
I would like to just join the vCenter to my domain and be able to use AD group/rights to log in. I believe it was a lot simpler in 5.0 because I don't remember all the SSO stuff. I don't see a reason why I would need SSO so I guess my question is... Is there a way to just join the appliance to my domain and add the AD groups to the appliance once joined w/o SSO components?
Thanks
You can go to https://"your-vcenter-fqdn":5480 (log in with the root credentials of the appliance) and then head to "vCenter Server" > "Authentication"; there is a possibility to join the appliance to your AD. I've only seen this once, and in our production we're doing the same as what rcporto already described... adding AD as an LDAP server, so there is no need to join the AD, and this has been working fine for years now.
Remember: If your AD DC is in your virtual environment, it would be wise to have a "backup" user like "administrator@vsphere.local" for logging into vSphere ... however you should always have the credentials for this account.
"Just Join" the VCSA to the domain implies creating a dependence of the VCSA on the domain! No domain may equal no VCSA!
I much prefer using LDAP or LDAPS as that allows AD authentication without creating a dependence!