Tip

VMware SSO changes your authentication infrastructure ... for good

VMware SSO server -- a mandatory ID authentication component for many VMware applications at version 5.1 -- is the natural evolution of security and ease of use for VMware's diverse software products. Despite the early issues with SSO,

    Requires Free Membership to View

it isn't an anachronism or niche feature.

Corporate IT departments started using directory authentication services over two decades ago; in the 1980s, Project Athena gave us Hesiod, the first directory server. Directories provide a centralized location for the various programs and OSes at play in a corporate IT environment, identifying the individual using a computer and determining if they are allowed to so. This, at its core, is what VMware single sign-on (SSO) is all about.

One person may use multiple computers and dozens or even hundreds of individual applications, each with unique security requirements. Various Web and cloud computing services also require passwords and security, as do infrastructure tools such as VMware's suite of applications or the various switches, routers and lights-out server management modules that underpin networks.

Other updates in vSphere 5.1

New shared-nothing live migration

The Web client forgoes Windows

vSphere Replication is built in

EMC provides vSphere Data Protection

A new round of licensing adjustments

VMware has used a basic form of SSO for some time. VMware vCenter Server integrates with Microsoft's Active Directory, one of the most commonly deployed directory servers. A VMware administrator creates roles, which contain a template of the rights and privileges that any user or group assigned to this role receives. By mapping these roles to Active Directory groups, administrators don't get bogged down in rights management for VMware applications and the corporate infrastructure.

Before vSphere 5.1 SSO, some applications integrated with the vCenter Server -- and by extension Active Directory -- but some did not. Specific implementation of SSO eliminates multiple sign-on events for administrators using the various applications within VMware's product suite.

VMware SSO takes authentication against the corporate directory away from vCenter and serves up a centralized mechanism that vSphere, View and other VMware applications can use. In the short term, this enables applications within the VMware suite to authenticate against Active Directory and do so in a more secure fashion. Under-the-hood authentication mechanisms also got an upgrade with the single sign-on server.

Longer term, VMware's SSO server is the first step toward true unification of VMware's various software components. It allows VMware to build or acquire new applications securely. Those applications authenticate themselves against VMware's SSO server; the SSO mechanism figures out how to join that authentication up with services from other vendors.

Most importantly, VMware SSO is a directory service in its own right. While it can integrate with other directory services, these are no longer required. This breaks VMware's dependence on Microsoft's Active Directory for centralized authentication, allows for integration with other vendors and even provides a platform for third parties to treat VMware's offerings as the primary, authoritative authentication mechanism.

Single sign-on in the VMware environment is a positive change in how authentication works with VMware vSphere and other applications, increasing security and ease of use for systems administrators, flexibility for VMware and independence for the growing ecosystem of VMware partners.

This was first published in January 2013

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.