VMware SSO server -- a mandatory ID authentication component for many VMware applications at version 5.1 -- is the natural evolution of security and ease of use for VMware's diverse software products. Despite the early issues with SSO,
Corporate IT departments started using directory authentication services over two decades ago; in the 1980s, Project Athena gave us Hesiod, the first directory server. Directories provide a centralized location for the various programs and OSes at play in a corporate IT environment, identifying the individual using a computer and determining if they are allowed to so. This, at its core, is what VMware single sign-on (SSO) is all about.
One person may use multiple computers and dozens or even hundreds of individual applications, each with unique security requirements. Various Web and cloud computing services also require passwords and security, as do infrastructure tools such as VMware's suite of applications or the various switches, routers and lights-out server management modules that underpin networks.
Other updates in vSphere 5.1
The Web client forgoes Windows
vSphere Replication is built in
EMC provides vSphere Data Protection
A new round of licensing adjustments
VMware has used a basic form of SSO for some time. VMware vCenter Server integrates with Microsoft's Active Directory, one of the most commonly deployed directory servers. A VMware administrator creates roles, which contain a template of the rights and privileges that any user or group assigned to this role receives. By mapping these roles to Active Directory groups, administrators don't get bogged down in rights management for VMware applications and the corporate infrastructure.
Before vSphere 5.1 SSO, some applications integrated with the vCenter Server -- and by extension Active Directory -- but some did not. Specific implementation of SSO eliminates multiple sign-on events for administrators using the various applications within VMware's product suite.
VMware SSO takes authentication against the corporate directory away from vCenter and serves up a centralized mechanism that vSphere, View and other VMware applications can use. In the short term, this enables applications within the VMware suite to authenticate against Active Directory and do so in a more secure fashion. Under-the-hood authentication mechanisms also got an upgrade with the single sign-on server.
Longer term, VMware's SSO server is the first step toward true unification of VMware's various software components. It allows VMware to build or acquire new applications securely. Those applications authenticate themselves against VMware's SSO server; the SSO mechanism figures out how to join that authentication up with services from other vendors.
Most importantly, VMware SSO is a directory service in its own right. While it can integrate with other directory services, these are no longer required. This breaks VMware's dependence on Microsoft's Active Directory for centralized authentication, allows for integration with other vendors and even provides a platform for third parties to treat VMware's offerings as the primary, authoritative authentication mechanism.
Single sign-on in the VMware environment is a positive change in how authentication works with VMware vSphere and other applications, increasing security and ease of use for systems administrators, flexibility for VMware and independence for the growing ecosystem of VMware partners.
This was first published in January 2013