The upgrade process differs based on several factors. Understand the complete upgrade, vCenter Single Sign-On setup, and permission assignment process before you start. This topic explains how to perform the upgrade and user management if you upgrade from vSphere 5.0 or earlier, which does not include vCenter Single Sign-On.

If you are upgrading from vSphere 5.0 or earlier, your original environment does not include a vCenter Single Sign-On server. How you perform the upgrade, and whether you are required to add identity sources or assign permissions depends on your current environment and on what you intend to do, as shown in the following illustration.

Note:

This topic focuses on the most frequently encountered upgrade cases. It does not include a discussion of upgrading an installation that includes a vCenter Single Sign-On high availability deployment. See Use Custom Install to Upgrade vCenter Server from a Version 5.1.x High Availability vCenter Single Sign-On Deployment..

Figure 1. Upgrade and Sign In Process for Environments that Do Not Include vCenter Single Sign-On
The flowchart illustrates the decision points and actions you have to perform. The flowchart content parallels the text below.

The interaction proceeds as follows.

  1. If your current environment is installed on different machines and potentially in different locations, it is easiest to have the target environment use the same layout.

    • If your current environment is distributed over several machines or several location, you can perform a Custom Install upgrade. (see step 4)

    • If your current environment is not distributed over several machines or several locations, you can distribute the upgrade over multiple machines with a custom install (step 4) or continue placing all vCenter components on the same machine (step 2).

  2. If all vCenter Server components are on the same host machine, you can upgrade with Simple Install. See Use Simple Install to Upgrade vCenter Server and Required Components. After you upgrade with the Simple Install process, local operating system users and the user administrator@vsphere.local can authenticate.

    • If your environment was using only local operating system users, the localos identity source is sufficient. You can log in to vCenter Server as administrator@vsphere.local or any local operating system user who previously had permissions.

    • If your environment was using Active Directory to manage users and permissions, go to Step 3.

  3. If your pre-upgrade environment used Active Directory to manage users and permissions, the Active Directory domain is added to vCenter Single Sign-On as an identity source. Users who previously had permissions to access vCenter Server objects continue to have those permissions.

    Only one default identity source is supported with vSphere 5.5, and the Active Directory identity source is initially not the default identity source. Users can log in only if they include the domain as part of the login (DOMAIN\user).

    You can log in to the vCenter Single Sign-On server as administrator@vsphere.local and make the Active Directory domain the default identity source.

    1. Log in to the vCenter Single Sign-On server as administrator@vsphere.local and add the Active Directory domain as an identity source. See Add a vCenter Single Sign-On Identity Source.

    2. Make the Active Directory domain the default identity source. Only one default identity source is supported. Users from other domains can include the domain as part of the login (DOMAIN\user).

    3. Users who previously had permissions to access vCenter Server objects continue to have those permissions.

  4. If you decide to install vCenter Server services on different machines, you can use a Custom Install upgrade process. See Use Custom Install to Upgrade Version 5.0.x and Earlier vCenter Server and Required Components.

    1. If your current environment supports only local operating system users, you must either make sure those users are available as localos users on the machine where vCenter Single Sign-On is installed, or you can add an Active Directory or OpenLDAP domain that includes those users.

    2. If your current environment supports an Active Directory domain, you can log in to the vCenter Single Sign-On server as administrator@vsphere.local and add the Active Directory domain to vCenter Single Sign-On. See Add a vCenter Single Sign-On Identity Source.

    3. You can either set the default identity source or users who log in to vCenter Server can include the domain name when they log in.