Starting with version 5.1, vSphere includes a vCenter Single Sign-On component as part of the vCenter Server management infrastructure. This change affects vCenter Server installation.

Authentication by vCenter Single Sign-On makes the VMware cloud infrastructure platform more secure by allowing the vSphere software components to communicate with each other through a secure token exchange mechanism.

For information about configuring vCenter Single Sign-On, see vSphere Security. For more information about vCenter Single Sign-On deployment modes, see vCenter Single Sign-On Deployment Modes.

For the first installation of vCenter Server, you must install all components. In subsequent installations in the same environment, or if you add services, you do not have to install vCenter Single Sign-On. One vCenter Single Sign-On server can serve your entire vSphere environment. After you install vCenter Single Sign-On once, you can connect all new vCenter Server instances to the same vCenter Single Sign-On service. You must install an Inventory Service instance for each vCenter Server instance.

Simple Install

The Simple Install option installs vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server on the same host or virtual machine. Simple Install is appropriate for most deployments.

Custom Install

If you want to customize the location and setup of each component, you can install the components separately by performing a custom install and selecting the individual installation options, in the following order:

  1. vCenter Single Sign-On

  2. vSphere Web Client

  3. vCenter Inventory Service

  4. vCenter Server

You can install each component on a different host or virtual machine.

If you decide on installing multiple vCenter Server systems, you can point to the same vCenter Single Sign-On service for each vCenter Server.

Installing in Multiple Locations

Unlike vCenter Single Sign-On version 5.1, vCenter Single Sign-On 5.5 synchronizes authentication data across locations.

If you install vCenter Server systems in multiple locations, you can install a vCenter Single Sign-On server in each location. When you install the second and subsequent instances of vCenter Single Sign-On, you can point those instances to the first vCenter Single Sign-On instance during installation. The two instances synchronize their VMware Directory Service instances. Changes to one instance are propagated to the other instance.

Figure 1. Installing vCenter Single Sign-On in Multiple Locations
Multiple instances of vCenter Single Sign-On share the same vmdir directory service.