Petri Newsletter Sign-up
Tech Tuesday

Subscribe to Tech Tuesday, the latest insights from for IT Pros.

    See All Petri Newsletters

    Single Sign-On (SSO) Improvements in vSphere 5.5

    Posted on by Brian Suhr in VMware with 4 Comments

    One of the biggest improvements in the recently announced vSphere 5.5 is the updates to Single Sign-On (SSO). This new version of SSO makes me extremely happy and I think it will have the same affect for the customers I work with. The initial SSO attempt in vSphere 5.1 was… well, lets just say it could have been better. Today I’ll cover the changes to this SSO update and why it makes for a better product.

    vSphere 5.5, SSO, and Improved Architecture

    Multi-master No more working with a primary and secondary architecture with strict database rules. The new SSO product uses a multi-master model for the SSO servers.

    Built in replication  Replication is now built in and happens automatically between SSO servers within the same domain.

    Site awareness  There is now the ability within an SSO domain to define sites. Sites would typically be physical data center locations. This makes the architecture a little easier to understand and design for.

    Adios, SSO Database

    The big news here is that there is no SSO database any more. This change allows for the improved architecture covered earlier. While the database was not impossible, it did give many admins a rash while trying to setup the first couple of attempts.

    SSO Installation Updates

    With the updated version of SSO there is now just a single deployment method. This simplifies things a great deal. The previous version confused many people about when should they use simple, HA, or multi-site configurations.

    New install options are as follows:

    • First server in a new domain
    • Add a server in an existing domain
    • Add a server in an existing domain with a new site

    SSO Diagnostics and Troubleshooting

    VMware has also package a set of diagnostic and troubleshooting tools with this release of SSO. I welcome this because even when talking with VMware people and their support staff there was a huge void in SSO experience. Having a set of tools that can aide in resolving SSO issues.

    SSO Install Recommendations

    For a large portions of customers VMware recommends them to KISS (Keep It Simple SSO!) when architecting and installing their SSO environment. This means that for data centers with one to five vCenters the primary architecture choice would be to install all the components for a vCenter on a single server as shown below. This keeps things simple and still performs very well for environments with up to 1000 hors or 10,000 VMs. This model keeps all the services local and does not create any new external dependencies.

    vSphere 5.5 and Single Sign-On Improvements


    The alternative architecture for larger data centers with more than five vCenters should consider the following model. This model uses a centralized SSO and vSphere Web Client install that all vCenters will access. This model supports a mixed vCenter version of both vCenter 5.1 and 5.5. This will be welcome for customers that have mixed requirements or long upgrade processes.

    To support the high availability of this model the following are some requirements and options for consideration:

    • vSphere HA
    • Network Load Balancer
    • vCenter Heartbeat

    vSphere 5.5 and Single Sign-On Improvements



    Don't have a login but want to join the conversation? Sign up for a Petri Account


    Register for this Petri Webinar!

    Software-Defined Backup Storage: Agnostic, Easy and Cloud-Ready

    Tuesday, August 27, 2019 @ 1:00 pm EDT

    A Scale-Out Backup storage infrastructure is a must-have technology for your backups. In this webinar, join expert Rick Vanover for a look on what real-world problems are solved by the Scale-Out Backup Repository.

    Register Now

    Sponsored By