Starting with version 5.1, vSphere includes a vCenter Single Sign-On service as part of the vCenter Server management infrastructure. This change affects vCenter Server installation.
Authentication with vCenter Single Sign-On makes vSphere more secure because the vSphere software components communicate with each other by using a secure token exchange mechanism, and all other users also authenticate with vCenter Single Sign-On.
Starting with vSphere 6.0, vCenter Single Sign-On is either included in an embedded deployment, or part of the Platform Services Controller. The Platform Services Controller contains all of the services that are necessary for the communication between vSphere components including vCenter Single Sign-On, VMware Certificate Authority, VMware Lookup Service, and the licensing service.
The order of installation is important.
- First installation
- If your installation is distributed, you must install the Platform Services Controller before you install vCenter Server or deploy the vCenter Server Appliance. For an embedded deployment the correct installation order happens automatically.
- Subsequent installations
- For approximately up to four vCenter Server instances, one Platform Services Controller can serve your entire vSphere environment. You can connect the new vCenter Server instances to the same Platform Services Controller. For more than approximately four vCenter Server instances, you can install an additional Platform Services Controller for better performance. The vCenter Single Sign-On service on each Platform Services Controller synchronizes authentication data with all other instances. The precise number depends on how heavily the vCenter Server instances are being used and on other factors.