VSphere ICM 8 Lab 05

Uploaded by

Larry Tenhoff

VMWARE VSPHERE 8.0
INSTALL, CONFIGURE, MANAGE

Lab 5: Adding an Identity Source

Document Version: 2023-03-08

Copyright © 2023 Network Development Group, Inc.


www.netdevgroup.com

NETLAB+ is a registered trademark of Network Development Group, Inc.

VMware is a registered trademark of VMware, Inc.



Contents
Introduction
Objective
Lab Topology
Lab Settings
1 Join vCenter Server to the ad.vclass.local Domain
2 Add ad.vclass.local as an Identity Source

3/13/2023 Copyright © 2023 Network Development Group, Inc. www.netdevgroup.com Page 2



Introduction

In this lab, you will join vCenter Server to the ad.vclass.local domain and add ad.vclass.local as an
identity source.

Joining vCenter Server to an Active Directory (AD) domain allows vCenter Server to authenticate users
and groups against the AD domain. This can provide several benefits, including:

• Centralized user management: By joining vCenter Server to an AD domain, you can use AD to
manage the users and groups that have access to vCenter Server. This can make it easier to
manage user access to vCenter Server, as you can use AD to create and manage users and
groups, rather than managing them separately in vCenter Server.
• Single sign-on: By joining vCenter Server to an AD domain, users can use AD credentials to
access vCenter Server, rather than having to remember and enter separate credentials for
vCenter Server. This can make it easier for users to access vCenter Server and can reduce the
number of help desk calls for password resets.
• Improved security: By using AD for authentication, you can take advantage of AD security
features, such as password policies and account lockout, to improve the security of vCenter
Server.
• Improved auditing: By using AD for authentication, you can use AD auditing features to track
user activity in vCenter Server. This can make it easier to identify and troubleshoot security
issues and meet compliance requirements.
• Better integration: By joining vCenter Server to an AD domain, you can integrate vCenter Server
with other applications that are also integrated with AD, such as Microsoft Exchange or
SharePoint. This can provide a more seamless user experience and make it easier to manage
access to these applications.

It is important to note that joining vCenter Server to an AD domain requires that vCenter Server has
network access to the AD domain controllers and that the AD domain controllers have the necessary
ports open. It also requires that you have the necessary AD permissions to join the vCenter Server to
the domain.
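
A preflight check for the network prerequisite described above, added here as an example and not part of the original lab. The port list is an assumption (the ports commonly needed between a domain member and AD domain controllers; the lab does not enumerate them), and the default target 172.20.10.10 is the sa-aio machine from the Lab Settings table.

```python
import socket

# Assumed list: TCP ports commonly required between a domain member and
# AD domain controllers. The lab page itself does not enumerate them.
AD_TCP_PORTS = {
    53: "DNS",
    88: "Kerberos",
    389: "LDAP",
    445: "SMB",
    464: "Kerberos password change",
    636: "LDAPS",
    3268: "Global Catalog",
}


def probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolved
        return False


def preflight(host, ports=AD_TCP_PORTS, probe_fn=probe):
    """Probe every port; return {port: (service, reachable)}."""
    return {p: (name, probe_fn(host, p)) for p, name in ports.items()}


def blocked(results):
    """List the services whose port could not be reached, as 'name/port'."""
    return sorted(f"{name}/{port}"
                  for port, (name, ok) in results.items() if not ok)


if __name__ == "__main__":
    import sys
    # Default target: sa-aio, where AD is preconfigured in this lab.
    dc = sys.argv[1] if len(sys.argv) > 1 else "172.20.10.10"
    missing = blocked(preflight(dc))
    print("all reachable" if not missing
          else "unreachable: " + ", ".join(missing))
    sys.exit(1 if missing else 0)
```

Run it from a machine on the same network segment as vCenter Server before attempting the join; a non-zero exit status means at least one port was unreachable.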

Objective

• Join vCenter Server to the ad.vclass.local domain
• Add ad.vclass.local as an Identity Source


Lab Topology


Lab Settings

The information in the table below will be needed to complete the lab. The task sections further below
provide details on the use of this information.

| Virtual Machine | IP Address | Account | Password |
|---|---|---|---|
| sa-student | eth0: 172.20.10.80 | sysadmin | NDGlabpass123! |
| sa-vcsa | eth0: 172.20.10.94 | [email protected] | NDGlabpass123! |
| sa-esxi-01 | eth0: 172.20.10.51 | root | NDGlabpass123! |
| sa-esxi-02 | eth0: 172.20.10.52 | root | NDGlabpass123! |
| sa-aio | eth0: 172.20.10.10 | sysadmin | NDGlabpass123! |


1 Join vCenter Server to the ad.vclass.local Domain

In this task, you will join sa-vcsa.vclass.local to the ad.vclass.local domain, which is an AD identity
source.

1. Launch the sa-student Virtual Machine (VM) to access the graphical login screen.

To launch the console window for a VM, either click on the machine’s
graphic image from the topology page, or click on the machine’s
respective tab from the Navigator.

2. Launch the Mozilla Firefox web browser by either clicking on the icon found in the bottom toolbar
or by navigating to Start Menu > Internet > Firefox Web Browser.

3. In Firefox, click LAUNCH VSPHERE CLIENT.


If the VMware Getting Started webpage does not load, please wait an
additional 3 - 5 minutes, and refresh the page to continue. This is
because the vCenter Server Appliance is still booting up and requires
extra time to initialize.

4. To log in to the vCenter Server Appliance, enter [email protected] for the username and
NDGlabpass123! for the password. Click LOGIN.

You may ignore the “browser-OS combination” warning message
presented on the VMware vCenter Single Sign-On page and continue
moving forward with the lab.

5. From the main menu, select Administration.


6. In the Navigator, under Single Sign On, select Configuration.

7. In the Configuration pane, select Identity Provider and click Active Directory Domain. Verify that
the sa-vcsa.vclass.local node is selected. Click JOIN AD.

8. In the Join Active Directory Domain window, enter ad.vclass.local for the Domain, administrator for the
Username, and NDGlabpass123! for the Password. Click JOIN.


For this lab, AD has been preconfigured on the SA-AIO machine.

9. Verify that sa-vcsa.vclass.local has successfully joined the ad.vclass.local AD. Click Acknowledge on
the pop-up dialog box.

10. Restart the vCenter Server Appliance using the vCenter Server Appliance Management Interface.

a. Open a new Firefox Browser, and click [Mgmt] sa-vcsa.

Port 5480 is the default port used to access the vCenter Server
Appliance Web User Interface. The VMware vCenter Server Appliance
Management Interface (VAMI) is used to perform administrative
tasks such as changing the host name, network configurations, and
applying updates and patches.


b. For the Username, type [email protected] and for the Password, type NDGlabpass123!.
Click LOGIN.

c. From the Actions drop-down menu in the top right corner, select Reboot.

d. In the System Reboot window, click YES.

11. Go back to the vSphere Client tab, and refresh the screen periodically until the vSphere Client login
page appears.

The reboot process takes 5 - 10 minutes to complete. During this time, the
vSphere Client is unavailable. You will not be able to complete the next task
until VCSA has fully rebooted. Once the login page appears, you may continue
to the next task.


2 Add ad.vclass.local as an Identity Source

In this task, you will add an identity source to enable the single sign-on configuration.

In vCenter Server, an identity source refers to a directory service or external authentication provider
that is used to authenticate users and groups. Examples of identity sources include AD and OpenLDAP.
These sources can be used to authenticate users who access the vCenter Server, as well as to manage
permissions for those users within vCenter Server.

1. To log in to the VCSA, enter [email protected] for the username and NDGlabpass123! for the
password. Click LOGIN.

You may ignore the “browser-OS combination” warning message
presented on the VMware vCenter Single Sign-On page and continue
moving forward with the lab.

2. From the main menu, select Administration.


3. In the Navigator, under Single Sign On, select Configuration.

4. In the Configuration pane, select Identity Provider and click Identity Sources. Notice the
vclass.local and localos domains appear as identity sources.

5. In the Identity Sources pane, click ADD.


6. In the Add Identity Source window, verify that Active Directory (Integrated Windows
Authentication) is selected. Verify that AD.VCLASS.LOCAL is listed as the Domain name. Ensure
that Use machine account is selected, and click ADD.

7. In the Identity Source window, verify that AD.VCLASS.LOCAL is listed as an identity source. Select
AD.VCLASS.LOCAL, and click SET AS DEFAULT.

8. In the Set Default Identity Source window, click OK.


In Lab 6, you will build upon the knowledge and skills you acquired in Lab 5.
You will use the concepts and techniques learned in this lab to complete the
tasks in Lab 6. This includes applying your understanding of vCenter Server and
the use of identity sources for authentication and authorization. By completing Lab
6, you will have a deeper understanding of how to manage and maintain AD users
within a vCenter environment.

9. The lab is now complete; you may end your reservation.
