October 26, 2012
In the wake of my post on the introduction of Single Sign On, I noticed many people were searching for installation help. So I figured I’d write up how I did it in my lab.
There are two ways to go about this. The installer gives you the option of SQL Express or using a supported database (MS SQL, Oracle, DB2, or Postgres). In this post, I’ll show you how to install SSO with an existing SQL Server instance. The easiest way to install SSO is to use SQL Express, as the installer handles the DB creation and connectivity. From a backup perspective, an existing SQL Server instance is far better.
For this, you’ll need an existing SQL Server instance. This can run on either the vCenter itself or as a separate server. I won’t bog through installing SQL Server; we’ll just assume you’ve installed it and have it running.
Step 1: Create the database.
Inside [vSphere 5.1 Install Media]\Single Sign On\DBScripts\SSOServer\schema\mssql is a set of scripts that will build or change the Single Sign On database. Open SQL Server Management Studio, connect to your SQL Server instance and drag rsaIMSLiteMSSQLSetupTablespaces.sql into Management Studio.
This will open a new query window in SQL Server Management Studio. We need to change the file locations for the database.
Change this to the location where you want the file saved, and do the same for the other two file location lines. Keep all three in the same location unless you deliberately separate log files from data files (which, in production, you should). This is my lab, so I kept them in the same location.
Execute the procedure and a new database called RSA will be created.
We will also need to enable Mixed Authentication, because the installer uses a built-in database user (RSA_DBA) to connect to the database. Right-click the SQL Server in the left pane and click Properties. Click Security in the left pane of the new window and select SQL Server and Windows Authentication mode.
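To confirm Step 1 before running the installer, the following T-SQL checks the authentication mode, where the RSA database files landed, and which SQL logins mixed mode has made usable. It is an added example, not part of the original post or of VMware's scripts; it uses only standard SQL Server catalog views and assumes the database name RSA created by the script above.

```sql
-- Added example: read-only checks to run in a new query window on the
-- instance that hosts the SSO database.

-- 1. Authentication mode.
--    1 = Windows Authentication only, 0 = SQL Server and Windows (mixed).
--    SQL logins such as the one the installer uses cannot connect while
--    the instance is in Windows-only mode.
SELECT CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
           WHEN 1 THEN 'Windows Authentication only'
           WHEN 0 THEN 'SQL Server and Windows Authentication (mixed)'
       END AS authentication_mode;

-- 2. Confirm the RSA database exists and list its file locations.
--    ROWS = data file, LOG = transaction log. No rows returned means
--    the tablespace script did not create the database.
SELECT d.name           AS database_name,
       mf.name          AS logical_file,
       mf.type_desc     AS file_type,
       mf.physical_name AS file_path
FROM sys.databases AS d
JOIN sys.master_files AS mf
  ON mf.database_id = d.database_id
WHERE d.name = N'RSA'
ORDER BY mf.type_desc, mf.name;

-- 3. Mixed mode makes every enabled SQL login reachable with a password.
--    Review which ones are enabled and whether the Windows password
--    policy and expiration are enforced on them.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       create_date
FROM sys.sql_logins
ORDER BY is_disabled, name;
```

A change to the authentication mode takes effect only after the SQL Server service restarts, so restart it before relying on the first result.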
You can close SQL Server Management Studio now.
Step 2: Install Single Sign On
Run the installer from the install media. This can be done via the “Simple Install” (which installs SSO, vCenter Inventory Service and vCenter Server) or by installing just SSO.
Create a new primary node for a vCenter Single Sign On Installation
In this instance, we’ll create a primary node for a new installation. Because we’re doing this, you could add another node later for high availability. Without this, you’re stuck with one node. If that node fails, so does vCenter. If you set up basic, I would suggest running it on the same machine as vCenter as it eliminates a point of failure. The only failure points are the service failing or the backend database not being available.
Create a password. Make it a good one and save it somewhere safe (like KeePass or LastPass).
Because we’ve already run the SQL script to create the database, we’ll select the Use an existing supported database option. The SQL Express option is far easier, but doesn’t scale up as well and backups are a bit trickier.
Here’s where the fun begins. Set the database type to Mssql, insert the database name of RSA (which is the database the script creates), enter the IP or hostname of the SQL server, and check Use Windows Authentication. Make sure you’re an admin on the SQL server or you’ll get an authentication failure. If you knew a SQL user that had admin rights, you could enter those credentials here.
Click Next on the Fully Qualified Domain Name or IP Address of the host. If it can’t resolve the hostname, that’s OK.
Next, select a user account to run the Security Support Provider Interface server as. I took the default in my lab. If you have an application-only user you prefer to use, here’s where to enter it. I would make sure it has rights to the Single Sign On database. In my case, I was running it on the same machine as Single Sign On so the default was sufficient.
Select the location you wish to install the Single Sign On service to.
Select the port you wish to use for the service. Taking the default is preferred here.
Click Install. If you get any errors, run them through the VMware KB. The documentation is well done on common errors. I got an “Error 29115: Cannot authenticate to DB” error, which was resolved by setting up SQL and Windows authentication on the database server.
That’s it! Install the Inventory Service and vCenter Server and you’ll have an up and running vCenter 5.1 install.
If you’re upgrading your existing vCenter and will run SSO with it, I would HIGHLY recommend adding memory to the VM or machine running vCenter. It works with 4 GB but is much more responsive with 6 GB at a minimum, 8 GB if you can spare it. The other option is to split SSO off onto its own VM or machine. You could build a multi-node install for availability this way.
Leave comments below and I’ll try to answer your questions!