Single Sign-On (SSO) Improvements in vSphere 5.5

One of the biggest improvements in the recently announced vSphere 5.5 is the update to Single Sign-On (SSO). This new version of SSO makes me extremely happy, and I think it will have the same effect on the customers I work with. The initial SSO attempt in vSphere 5.1 was… well, let’s just say it could have been better. Today I’ll cover the changes in this SSO update and why they make for a better product.

vSphere 5.5, SSO, and Improved Architecture

Multi-master: No more working with a primary and secondary architecture with strict database rules. The new SSO product uses a multi-master model for the SSO servers.

Built-in replication: Replication is now built in and happens automatically between SSO servers within the same domain.

Site awareness: There is now the ability within an SSO domain to define sites. Sites would typically be physical data center locations. This makes the architecture a little easier to understand and design for.


Adios, SSO Database

The big news here is that there is no SSO database anymore. This change allows for the improved architecture covered earlier. While the database was not impossible to deal with, it did give many admins a rash while trying to set it up the first couple of attempts.

SSO Installation Updates

With the updated version of SSO there is now just a single deployment method. This simplifies things a great deal. The previous version confused many people about when they should use simple, HA, or multi-site configurations.

New install options are as follows:

  • First server in a new domain
  • Add a server in an existing domain
  • Add a server in an existing domain with a new site

SSO Diagnostics and Troubleshooting

VMware has also packaged a set of diagnostic and troubleshooting tools with this release of SSO. I welcome having a set of tools that can aid in resolving SSO issues, because even when talking with VMware people and their support staff there was a huge void in SSO experience.

SSO Install Recommendations

For a large portion of customers, VMware recommends KISS (Keep It Simple SSO!) when architecting and installing their SSO environment. This means that for data centers with one to five vCenters, the primary architecture choice would be to install all the components for a vCenter on a single server, as shown below. This keeps things simple and still performs very well for environments with up to 1000 hosts or 10,000 VMs. This model keeps all the services local and does not create any new external dependencies.

[Image: vSphere 5.5 and Single Sign-On Improvements]


Larger data centers with more than five vCenters should consider the following alternative model. This model uses a centralized SSO and vSphere Web Client install that all vCenters will access. It supports a mix of vCenter versions, both vCenter 5.1 and 5.5. This will be welcome for customers that have mixed requirements or long upgrade processes.

To support the high availability of this model the following are some requirements and options for consideration:

  • vSphere HA
  • Network Load Balancer
  • vCenter Heartbeat

[Image: vSphere 5.5 and Single Sign-On Improvements]



4 responses to “Single Sign-On (SSO) Improvements in vSphere 5.5”

  1. […] Single Sign-On (SSO) Improvements in vSphere 5.5 (Petri) What is new in VMware Single Sign-On 2.0 (UP2V) A Look At vCenter 5.5 SSO RC Installation (VMware vEvangelist) Allow me to introduce you to vCenter Single Sign-On 5.5 (VMware vSphere Blog) vSphere 5.5 Improvements Part 7 – Single Sign On Completely Redesigned (Wahl Network) Using Active Directory Integrated Windows Authentication with SSO 5.5 (Wahl Network) What’s New in vCloud Suite 5.5: vCenter Server SSO (WoodITWork) […]

  2. […] 1. VMware SSO updates – Let's just say that Single Sign On (SSO) was a bit of a challenge in vSphere 5.1. This caused some customers a few sleepless nights and scared others off from upgrading to 5.1. Well, the good news is VMware has rearchitected SSO in vSphere 5.5 and it does not suck anymore. Check out this other post I wrote on SSO in vSphere 5.5. […]

  3. In the article, there is a mention of troubleshooting tools for SSO. Are they available for download?

    Is there any documentation on how and when to use it?
