The upgrade process differs based on several factors. Understand the complete upgrade, vCenter Single Sign-On setup, and permission assignment process before you start. This topic explains how to perform the upgrade and user management if you upgrade from vSphere 5.1.x, which includes an earlier version of vCenter Single Sign-On.
If you are upgrading from vSphere 5.1.x, your original environment includes a vCenter Single Sign-On server. How you perform the upgrade, and whether you are required to add identity sources or assign permissions, depends on your current environment and on what you intend to do, as shown in the following illustration.
This topic focuses on the most frequently encountered upgrade cases. It does not include a discussion of upgrading an installation that includes a vCenter Single Sign-On high availability deployment. See Use Custom Install to Upgrade vCenter Server from a Version 5.1.x High Availability vCenter Single Sign-On Deployment.
The interaction proceeds as follows.
If your current environment is installed on different machines and potentially in different locations, it is easiest to have the target environment use a similar layout.
With vSphere 5.5, multiple vCenter Server systems can use a single vCenter Single Sign-On system.
If your current environment uses vCenter Single Sign-On multisite, resynchronize your environment. See Knowledge Base articles http://kb.vmware.com/kb/2042849 and http://kb.vmware.com/kb/2038677, and start a Custom Install upgrade. See Use Custom Install to Upgrade Version 5.0.x and Earlier vCenter Server and Required Components. Which users can access vCenter Single Sign-On and vCenter Server depends on the identity sources that are defined before the upgrade. See step 3.
If your current environment does not use vCenter Single Sign-On multisite, you can distribute the upgrade over multiple machines with a Custom Install or continue placing all vCenter services on the same machine (step 2).
If all vCenter Server components are on the same host machine, you can upgrade with Simple Install. See Use Simple Install to Upgrade vCenter Server and Required Components. After you upgrade with the Simple Install process, local operating system users and the user email@example.com can authenticate.
If your environment was using only local operating system users, the localos identity source is sufficient. You can log in to vCenter Server as firstname.lastname@example.org, or as any local operating system user who previously had permissions.Note:
Local operating users in embedded groups are no longer available. You can add those groups explicitly.
If your environment was using an Active Directory or OpenLDAP identity source, those identity sources are included with vCenter Single Sign-On after the upgrade, but they are not the default identity source. Go to Step 3.
If your environment was using an Active Directory or OpenLDAP identity source.
Users in the default identity source (localos by default) can log in to vCenter Server if they had permission to do so previously.
Users in other identity sources can log in to vCenter Server if they use the domain name and password, for example, DOMAIN1\user1.
You can log in to vCenter Single Sign-On as email@example.com to make the Active Directory or OpenLDAP identity source the default identity source.