Mastering VMware vSphere 6. Marshall Nick

or another SAML 2.0–based authority)

      4. Once authentication succeeds, SSO passes a token to the vSphere Web Client.

      5. This token can now be used to authenticate directly with vCenter or any other SSO-integrated VMware product.


Figure 3.2 The steps taken to issue an authenticated session with the SSO component

      As you can see, the authentication procedure can sound more complicated than other traditional methods; however, the process is seamless to the end administrators who get access as they always have.

      Before I talk about some of the more visible components of vCenter, let’s discuss some of the unseen aspects inside the Platform Services Controller of vCenter.

      Authentication with the vSphere Desktop Client

      Generally speaking, logging onto an ESXi host using the vSphere Desktop Client requires an account created and stored locally on that host. Using the same vSphere Desktop Client to connect to vCenter Server requires an SSO user account. Keep in mind that SSO and ESXi hosts do not make any attempt to reconcile the user accounts in their respective account databases.

      Using the vSphere Desktop Client to connect directly to an ESXi host that is currently managed by vCenter Server can cause negative effects in vCenter Server. A successful logon to a managed host results in a pop-up box that warns you of this potential problem.
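      One way to check for the situation described above, as an added example that is not from the book: the script scans host login events and reports direct logons to a managed host by any account other than vpxuser, the account vCenter Server itself uses on managed hosts. The log line layout, the sample lines, the addresses and the function name are constructed assumptions; adjust the pattern to the lines your hosts actually emit.

```python
import re

# Assumed layout, modelled on host login event lines (not taken from the book).
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) .*User (?P<user>[^@\s]+)@(?P<src>\S+) "
    r"logged in as (?P<agent>\S+)"
)

# Accounts expected to log on to a managed host with no administrator behind
# them. vpxuser is the account vCenter Server uses on hosts it manages.
SERVICE_ACCOUNTS = {"vpxuser"}

# Constructed sample lines (hypothetical users, agents and addresses).
SAMPLE_LOG = """\
2015-06-01T09:12:03.101Z info hostd[2A1C] Event 101 : User vpxuser@127.0.0.1 logged in as VMware-client/6.0.0
2015-06-01T09:40:17.553Z info hostd[2A1C] Event 117 : User root@192.0.2.25 logged in as VMware-client/6.0.0
2015-06-01T09:41:02.008Z info hostd[2A1C] Event 118 : User root@192.0.2.25 logged out
2015-06-01T10:05:44.310Z info hostd[2A1C] Event 131 : User svc-backup@192.0.2.40 logged in as backup-agent/1.0
"""


def direct_logons(log_text, managed=True, allowed_sources=frozenset()):
    """Return (timestamp, user, source, agent) for each direct logon.

    managed         -- False for a standalone host, where local logons are
                       the normal way in and nothing is reported.
    allowed_sources -- addresses of approved tools (for example a backup
                       proxy) whose logons should not be reported.
    """
    findings = []
    if not managed:
        return findings
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m is None:
            continue  # logout events and unrelated lines
        if m.group("user") in SERVICE_ACCOUNTS:
            continue  # vCenter Server's own session
        if m.group("src") in allowed_sources:
            continue
        findings.append(
            (m.group("ts"), m.group("user"), m.group("src"), m.group("agent"))
        )
    return findings


if __name__ == "__main__":
    for ts, user, src, agent in direct_logons(SAMPLE_LOG):
        print(f"{ts} direct logon to managed host: {user} from {src} ({agent})")
```
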

      Understanding the Platform Services Controller

      vSphere 6.0 introduces a new component called the Platform Services Controller (PSC). It is used to run common components for VMware products in a central location or in distributed locations. The PSC offers multiple services; let’s step through them so you can understand why the PSC is vital to your vSphere environment:

      • Single Sign-On

      • Licensing

      • Certificate Authority

      • Certificate Store

      • Service Registry

      As you read over the last paragraph and this list, you may notice that I mentioned “…for VMware products.” The PSC is not solely for vCenter, or vSphere for that matter. These services are located external to the vCenter Server as a common service across your entire VMware environment. As I mentioned in the previous section, Single Sign-On is a service that is offered via the PSC and can be shared to multiple vCenter instances or other VMware products.

      The Licensing Service holds all licensing information for the vSphere environment and potentially other products, too, when they ship with PSC support. It removes the dependency where vCenter must be available for licensing operations to occur. This is especially important when you’re installing multiple vCenter Servers in a geographically wide environment – older vCenter versions didn’t replicate licensing information between them unless they were in a linked mode group.

      The Certificate Authority and Store is the SSL certificate mint and wallet for your vSphere Environment. These services will allow you to create your own or store and assign third-party certificates for both vCenter and ESXi hosts. You’ll find more details on how this service is used in Chapter 8.

      The Service Registry works as the name suggests: it is a registration index of all VMware services available in this environment. This index will be particularly powerful when all VMware products also register their existence with the PSC, or more specifically the Service Registry. No longer will you need to provide the details of each component to every other component; the Service Registry will do this automatically on your behalf.

During the installation of the PSC, which I’ll detail later in this chapter, you are given options for the installation type. Depending on the availability requirements of your vCenter Server installation, you may wish to make the PSC available from multiple sites or highly available in a single cluster. When installing a PSC for the first time, the first instance will always be a single node. Installing additional PSCs then allows you to join nodes to suit your environment. They can be external to the vCenter Server or embedded, as you can see in Figure 3.3.


Figure 3.3 The Platform Services Controller can be installed as an embedded or external component of vCenter, just like a database.

      Using the vSphere Web Client for Administration

      With the release of vSphere 5.1, VMware started shipping two different clients to use with vCenter Server. The older, more traditional client is a .NET Windows-only application, whereas the newer is a server-side installation for administering vSphere from a web browser. The following browsers are certified and supported with the vSphere Web Client:

      • Microsoft Internet Explorer – 10 and 11 (Windows only)

      • Mozilla Firefox – the latest version, and the previous version

      • Google Chrome – the latest version, and the previous version

      Additionally, to use the vSphere Web Client, you must have Adobe Flash Player version 11.1 or later installed.

      Which Client Should You Use?

      Now that there are two possible client choices to manage your vCenter Server, you need to decide which client to use day to day. Any new features that are part of the vSphere 5.5 or 6.0 releases are not available from the vSphere Desktop Client, so that would indicate that the vSphere Web Client is the one to use. But what happens if your storage vendor has a vSphere Desktop Client plug-in that has not been updated to work with the vSphere Web Client? Well, in some cases you may not have a choice other than to use the older client, but over time the crossover period will fade away and only the vSphere Web Client will be used. Prior to vSphere 5.5, I would have stated that the vSphere Desktop Client was still the one to use, but now that vendors have had time to update and features are presented only through the vSphere Web Client, it’s my opinion that we’re on the other side of the curve.

      As stated in Chapter 2, the vSphere Web Client was previously not as feature-rich as the traditional vSphere Desktop Client, but since the release of vSphere 5.5, this has changed. When vSphere 5.1 was released, VMware stated it would no longer add features to the vSphere Desktop Client. Since then, VMware has responded to customers who still want to use the older client. The older Desktop Client for vSphere 5.5 Update 2 and vSphere 6 will allow basic manipulation of VM Hardware Versions 10 and 11, respectively.

      As you read through the rest of this book, you can assume that unless I specify the vSphere Desktop Client, the vSphere Web Client is the default choice and the one you should be using.

      Providing an Extensible Framework

Just as centralized authentication is not a core vCenter Server service, we don’t include vCenter Server’s extensible framework as a core service. Rather, this extensible framework provides the foundation for vCenter Server’s core services and enables third-party developers to create applications built around vCenter Server. Figure 3.4 shows some of the components that revolve around the core services of vCenter Server.


Figure 3.4 Other applications can extend vCenter Server’s core services to provide additional management functionality.

      A