The upgrade process differs based on several factors. Understand the complete upgrade, vCenter Single Sign-On setup, and permission assignment process before you start. This topic explains how to perform the upgrade and user management if you upgrade from vSphere 5.1.x, which includes an earlier version of vCenter Single Sign-On.

If you are upgrading from vSphere 5.1.x, your original environment includes a vCenter Single Sign-On server. How you perform the upgrade, and whether you are required to add identity sources or assign permissions, depends on your current environment and on what you intend to do, as shown in the following illustration.

Note:

This topic focuses on the most frequently encountered upgrade cases. It does not include a discussion of upgrading an installation that includes a vCenter Single Sign-On high availability deployment. See Use Custom Install to Upgrade vCenter Server from a Version 5.1.x High Availability vCenter Single Sign-On Deployment.

Figure 1. Flowchart of vCenter Upgrade from Environments that Include vCenter Single Sign-On
The flowchart illustrates the upgrade process for environments that include vCenter Single Sign-On. The text below mirrors the decision points and actions.

The interaction proceeds as follows.

  1. If your current environment is installed on different machines and potentially in different locations, it is easiest to have the target environment use a similar layout.

    With vSphere 5.5, multiple vCenter Server systems can use a single vCenter Single Sign-On system.

  2. If all vCenter Server components are on the same host machine, you can upgrade with Simple Install. See Use Simple Install to Upgrade vCenter Server and Required Components. After you upgrade with the Simple Install process, local operating system users and the user administrator@vsphere.local can authenticate.

    • If your environment was using only local operating system users, the localos identity source is sufficient. You can log in to vCenter Server as administrator@vsphere.local, or as any local operating system user who previously had permissions.

      Note:

      Local operating users in embedded groups are no longer available. You can add those groups explicitly.

    • If your environment was using an Active Directory or OpenLDAP identity source, those identity sources are included with vCenter Single Sign-On after the upgrade, but they are not the default identity source. Go to Step 3.

  3. If your environment was using an Active Directory or OpenLDAP identity source.

    • Users in the default identity source (localos by default) can log in to vCenter Server if they had permission to do so previously.

    • Users in other identity sources can log in to vCenter Server if they use the domain name and password, for example, DOMAIN1\user1.

    • You can log in to vCenter Single Sign-On as administrator@vsphere.local to make the Active Directory or OpenLDAP identity source the default identity source.