vSphere 5.5 Install Pt. 7: Install SSO

10-5-2013 8-45-11 PM Yes, seven parts into this series we can finally mount our handy dandy vCenter 5.5 ISO and start installing software. Hopefully I haven’t lost anyone along the way with all of the background and SSL information. But with the complexities in vCenter 5.5 and all the moving parts, I think it’s important to know what’s going on in case you run into issues. I want this series to be more than just screenshots and scripts blindly leading you through an install.

Blog Series

SQL 2012 AlwaysOn Failover Cluster for vCenter
vSphere 5.5 Install Pt. 1: Introduction
vSphere 5.5 Install Pt. 2: SSO 5.5 Reborn 
vSphere 5.5 Install Pt. 3: vCenter Upgrade Best Practices and Tips
vSphere 5.5 Install Pt. 4: ESXi 5.5 Upgrade Best Practices and Tips
vSphere 5.5 Install Pt. 5: SSL Deep Dive
vSphere 5.5 Install Pt. 6: SSL Certificate Template
vSphere 5.5 Install Pt. 7: Install SSO
vSphere 5.5 Install Pt. 8: Online SSL Minting
vSphere 5.5 Install Pt. 9: Offline SSL Minting
vSphere 5.5 Install Pt. 10: Update SSO Certificate
vSphere 5.5 Install Pt. 11: Install Web Client 
vSphere 5.5 Install Pt. 12: Configure SSO
vSphere 5.5 Install Pt. 13: Install Inventory Service
vSphere 5.5 Install Pt. 14: Create Databases
vSphere 5.5 Install Pt. 15: Install vCenter
vSphere 5.5 Install Pt. 16: vCenter SSL
vSphere 5.5 Install Pt. 17: Install VUM
vSphere 5.5 Install Pt. 18: VUM SSL
vSphere 5.5 Install Pt. 19: ESXi SSL Certificate

Permalink to this series: vexpert.me/Derek55
Permalink to the Toolkit script: vexpert.me/toolkit55

Provision vCenter VM

Before we install SSO, we need to provision the vCenter VM. Per VMware recommendations, KB2052334, the VM needs at least 12GB of RAM for a “simple” all in one installation. Don’t skip on memory as performance will likely take a beating, depending on the number of hosts and VMs you are managing.

  • At least 2 vCPUs
  • At least 12GB of RAM
  • At least 70GB D drive (more with VUM)
  • Use VMXNET3 NIC
  • Use hardware version 9 or earlier
  • Recommend Windows Server 2012
  • Enable hot add of memory/CPU
  • Fully patched

If you want to use the web client on the vCenter server with IE, then you must install the Desktop Experience feature. Why? That’s the only way to get Flash player in IE with Windows Server 2012. VMware really needs to dump the Flash interface and go HTML5. If you use a third party browser, make sure you get the very latest Flash player.

After you install the Desktop Experience make sure you patch it. Why? The stock Flash player version is not compatible with the web client and needs to be updated via Windows Update/WSUS/SCCM to the latest version.

10-8-2013 6-11-01 AM

If you will be using IE on the vCenter server you also need to turn off the IE enhanced security mode.

10-8-2013 5-40-17 PM

Basic SSO Install

The installation process in SSO 5.5 is vastly different from vCenter 5.1. As previously mentioned gone is the SQL database requirement, which caused untold grief. Instead of spending days trying to get the SQL JDBC connector working with SSL (which ultimately never did work), you can now click through the install wizard in about 60 seconds. No fuss, no pain, no hair loss. Pure bliss.

1. Login to your vCenter VM and mount the vSphere 5.5a (note the ‘a’ or use the latest available) ISO. Your user account must NOT have an exclamation point in it. If it does, the installer may fail. Use a different account.  Even though we are doing a “Simple Install” in concept, I want to go through the Custom Install. Why? That way we can modify the installation paths (which you can’t do with the simple install), and also more clearly walk through each component. Click on vCenter Single Sign-On then Install.

10-7-2013 7-17-29 PM

2. On the Welcome screen click Next.

10-7-2013 7-20-34 PM

3. Thoroughly read all the entire EULA. (Pausing for 3 hours..)

10-7-2013 7-22-07 PM

4. Review the Prerequisites screen and click Next. Enterprise grade DNS is key, and you must have both forward and reverse records working for your vCenter server. Time is also important, so ensure your vCenter VM is correctly synchronizing with your DCs.

10-7-2013 7-22-54 PM

5. Now you need to choose your SSO deployment mode. In our case we will leave the default option, your very first vCenter server.

10-7-2013 7-25-28 PM

6. Next up we have to enter a password. Now this is tricky, because a number of special characters are illegal and will cause you grief. I do not know the maximum length. Specifically, do NOT use:

Non-ASCII characters
Ampersand (&)
Semicolon  ( ; )
Double quotation mark  ( ” )
Single quotation mark ( ‘ )
Circumflex ( ^ )
Backslash ( \ )
Percent ( % )
Less than ( < )
Exclamation ( ! )
Space (   )

 10-7-2013 7-31-43 PM

7. Now you need to enter a site name. I would change the default value, and make it meaningful. Also, do NOT enter the FQDN or short hostname of your server here. That could cause problems. Site names will become more important in the future, so again, give this a minute or two of thought.

10-7-2013 7-32-58 PM

8. I would not customize the port number unless you REALLY know what you are doing and want to cause yourself some possible future headaches. Just keep the default, guys.

10-7-2013 7-35-41 PM

9. I’m a firm believer of installing most software on a drive other than C. Why? Application logs can fill up a drive, and there could be some security implications as well. My standard is “D” for all major enterprise apps like vCenter. However, per KB 2044953, the web client (not SSO) will not work if installed on any drive but C. So if you want to keep all your vCenter binaries together, you are stuck with the C drive.

10-7-2013 7-37-12 PM

10. On the final screen review all of the settings and verify they are 100% correct. Click Install and wait a few minutes.

10-7-2013 7-39-04 PM

11. You should get a Completed message, and now you can smile.

10-7-2013 7-45-19 PM

SSO Patch Time

With the 5.5 GA version there is a known problem using Windows Server 2012 and Windows Server 2012 domain controllers. VMware has released a patched DLL to resolve the issue. But better than that you should use the vCenter 5.5a (note the ‘a’) ISO which has the fix built in.

If you are using a non-update (i.e. Sept 2013 GA) version of vSphere 5.5, then go to KB2060901 and follow the instructions to replace the indicated DLL. It’s cake to do, so I won’t show you how. Again, please install all components from the 5.5a media or later so you can skip this manual step.

Summary

The SSO installation in vSphere 5.5 is vastly easier than it was in 5.1. Just a few clicks and your SSO server is running. No more SQL, JDBC connections, or databases to create. Major improvement! Next up is minting your SSL certificates from an online Microsoft CA in Part 8.

Print Friendly, PDF & Email

Related Posts

Subscribe
Notify of
9 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Michael
December 20, 2013 1:19 pm

I was able to use an ! in the password without a problem in my lab installation

August 9, 2014 4:34 pm

That was too easy… something must be wrong. Right?

Carlo
August 28, 2014 2:50 am

Hi Derek,
can you confirm that SSO is a mandatory component for vCenter 5.5 and that I cannot skip this part.
I have had a very bad experience with SO in a previous vCenter installation and gone through a three months open ticket with VMWare to solve a whole bunch of bugs. I should have become allergic to it.
Actually, I still wonder what are the reasons why VMware has added this component to its solution….
Thanks
Carlo