vCenter Server Appliance 6 vCSA - Configuration

In my earlier post, vCenter Server Appliance 6 (vCSA) installation, I guided you through the vCenter Server Appliance 6 installation. The next step is to configure the appliance so we can use it in our environments.

vCenter Server Appliance 6 configuration

We will cover configuration of several components:

  • vCenter Server Appliance 6 configure SSO to authenticate with Active Directory
  • vCenter Server Appliance 6 join Active Directory
  • Assign permission to Active Directory group in vCenter Server Appliance 6

vCenter Server Appliance 6 login address

To log in, use the web address https://FQDN/vsphere-client, which is IMHO simpler to remember, and the username and password set up during installation.

vCenter Server Appliance 6 configure SSO to authenticate with Active Directory

Version 6 changed the user interface a bit. In earlier versions we had two URLs to manage the appliance: one for vSphere management itself and a second one for appliance configuration. In version 6 we have only one place to manage the whole appliance.

I always start the configuration of the appliance with the SSO configuration.

  1. On the Home screen click Administration.
  2. In the Navigation panel click Configuration and then the green plus.
  3. In the Add identity source window fill in all the information.

    1. Identity source type – I selected Active Directory as an LDAP Server
    2. Name – provide your domain name. For example: domain.local
    3. Base DN for users – the distinguished name of the OU or container in which you want to search for users. If you want the whole Active Directory domain to be queried, use only the domain components. For example: DC=domain,DC=local
    4. Domain name – provide your domain name.
    5. Domain alias – not a required field.
    6. Base DN for groups – same as above. I selected DC=domain,DC=local.
    7. Primary server URL – provide the address of the LDAP server. For example: ldap://your.domain:389 if you want to use a standard connection or ldaps://your.domain:636 if you wish to use SSL connectivity.
      When you use ldaps you are required to import the certificate into vCenter Server Appliance.
    8. Choose Certificate – used only if ldaps is selected in the previous point. Select a valid certificate and click Open. If you have the correct certificate you will see a confirmation message.
    9. Type the username of a user from your Active Directory domain.
    10. Type the password.
    11. Click Test Connection. If all the information you provided was right you will see a confirmation message.
    12. Click OK and your Active Directory should be listed under Identity Sources.
    13. Here is a summary of the settings in the earlier window.
  4. The next step is to choose your Identity Source as the default domain. Simply highlight your domain and click the icon.
  5. Click Yes.
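
A pre-flight check for the values typed into the Add identity source window, as an added example that is not part of the original post. It verifies that both Base DNs sit inside the domain, that the URL scheme and port agree, that a certificate is supplied for ldaps, and it flags ldap:// because that connection is not TLS-protected. The dictionary keys and the sample values are assumptions constructed from the post's examples.

```python
from urllib.parse import urlsplit

def domain_to_dn(domain):
    """domain.local -> DC=domain,DC=local"""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))

def rdns(dn):
    """Split a DN into normalized (attribute, value) pairs; escaped commas are not handled."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.strip().lower()))
    return pairs

def check_identity_source(src):
    """Return findings for one set of Add identity source values (dict keys are hypothetical)."""
    findings = []
    root = domain_to_dn(src["domain_name"])
    for field in ("base_dn_users", "base_dn_groups"):
        # The search base must end with the domain components of the domain name.
        if rdns(src[field])[-len(rdns(root)):] != rdns(root):
            findings.append(f"{field}: {src[field]} is not inside {root}")
    url = urlsplit(src["primary_url"])
    expected_port = {"ldap": 389, "ldaps": 636}.get(url.scheme)
    if expected_port is None:
        findings.append("primary_url: scheme must be ldap or ldaps")
    else:
        if url.port not in (None, expected_port):
            findings.append(f"primary_url: port {url.port} does not match {url.scheme}")
        if url.scheme == "ldap":
            findings.append("primary_url: ldap:// is not TLS-protected, prefer ldaps://")
        elif not src.get("certificate"):
            findings.append("certificate: required when ldaps is used")
    return findings

# Constructed sample values, based on the examples in the post.
HARDENED = {"domain_name": "domain.local", "base_dn_users": "OU=Staff,DC=domain,DC=local",
            "base_dn_groups": "DC=domain,DC=local",
            "primary_url": "ldaps://your.domain:636", "certificate": "dc-root-ca.cer"}
WEAK = dict(HARDENED, base_dn_users="DC=other,DC=local",
            primary_url="ldap://your.domain:636", certificate=None)

if __name__ == "__main__":
    for name, src in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, check_identity_source(src) or "no findings")
```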

vCenter Server Appliance 6 join Active Directory

After the Single Sign-On configuration we can now join vCenter Server Appliance to Active Directory.

  1. Navigate to System Configuration and click it.
  2. Click on your vCenter Server Appliance.
  3. Switch from the Summary tab to the Manage tab.
  4. On the Manage tab click Settings and select Active Directory.
  5. Click Join and a new window will open. Fill in all the information and click OK.

    • Domain – simply put your domain
    • Organizational unit – optionally provide its distinguished name. For example: CN=Computers,DC=your,DC=domain,DC=local
    • User name – username in UPN format. For example [email protected]
    • Password
  6. The progress of joining Active Directory can be observed in Recent Tasks.
  7. Unfortunately there is no information on whether you joined the Active Directory domain or not. Reboot the appliance, navigate to the settings again and you will see if it was successful.
  8. After joining Active Directory reboot the appliance.

Assign permission to Active Directory group in vCenter Server Appliance 6

The last step is to add a group from Active Directory and assign it administrator permissions in vCenter.

  1. On the Home screen click vCenter Inventory List.
  2. Click vCenter Servers.
  3. Select your vCenter Server.
  4. Switch from the Summary tab to Manage and click Permissions.
  5. Click the green plus icon, select the desired role (in my case Administrator) and click Add.
  6. Once you have clicked Add you will see that your Active Directory domain is pre-selected as the default identity source. Use the search field to find the username or group you wish to add. In my case it is a group.
    Click OK to go ahead.
  7. Select Propagate to children and click OK.
  8. Test that it is working by logging out and logging back in with domain credentials.

Summary

This concludes the configuration of vCenter Server Appliance 6. If you have more questions about appliance configuration, feel free to contact me.

Wojciech Marusiak