If you upgrade a Simple Install environment to a vCenter Server 6 embedded deployment, upgrade is seamless. If you upgrade a custom installation, the vCenter Single Sign-On service is part of the Platform Services Controller after the upgrade. Which users can log in to vCenter Server after an upgrade depends on the version that you are upgrading from and the deployment configuration.

As part of the upgrade, you can define a different vCenter Single Sign-On domain name to be used instead of vsphere.local.

Upgrade Paths

The result of the upgrade depends on what installation options you had selected, and what deployment model you are upgrading to.

Table 1. Upgrade Paths

Source

Result

vSphere 5.5 and earlier Simple Install

vCenter Server with embedded Platform Services Controller.

vSphere 5.5 and earlier Custom Install

If vCenter Single Sign-On was on a different node than vCenter Server, an environment with an external Platform Services Controller results.

If vCenter Single Sign-On was on the same node as vCenter Server, but other services are on different nodes, an environment with an embedded Platform Services Controller results.

If the custom installation included multiple replicating vCenter Single Sign-On servers, an environment with multiple replicating Platform Services Controller instances results.

Who Can Log In After Upgrade of a Simple Install

If you upgrade an environment that you provisioned using the Simple Install option, the result is always an installation with an embedded Platform Services Controller. Which users are authorized to log in depends on whether the source environment includes vCenter Single Sign-On.

Table 2. Login Privileges After Upgrade of Simple Install Environment

Source version

Login access for

Notes

vSphere 5.0

Local operating system users

administrator@vsphere.local

You might be prompted for the administrator of the root folder in the vSphere inventory hierarchy during installation because of changes in user stores.

If your previous installation supported Active Directory users, you can add the Active Directory domain as an identity source.

vSphere 5.1

Local operating system users

administrator@vsphere.local

Admin@SystemDomain

Starting with vSphere 5.5, vCenter Single Sign-On supports only one default identity source.

You can set the default identity source.

See the vSphere Security documentation.

Users in a non-default domain can specify the domain when they log in (DOMAIN\user or user@DOMAIN).

vSphere 5.5

administrator@vsphere.local or the administrator of the domain that you specified during upgrade.

All users from all identity sources can log in as before.

If you upgrade from vSphere 5.0, which does not include vCenter Single Sign-On, to a version that includes vCenter Single Sign-On, local operating system users become far less important than the users in a directory service such as Active Directory. As a result, it is not always possible, or even desirable, to keep local operating system users as authenticated users.

Who Can Log In After Upgrade of a Custom Installation

If you upgrade an environment that you provisioned using the Custom Install option, the result depends on your initial choices:

  • If vCenter Single Sign-On was on the same node as the vCenter Server system, the result is an installation with an embedded Platform Services Controller.

  • If vCenter Single Sign-On was on a different node than the vCenter Server system, the result is an installation with an external Platform Services Controller.

  • If you upgrade from vSphere 5.0, you can select an external or embedded Platform Services Controller as part of the upgrade process.

Login privileges after the upgrade depend on several factors.

Table 3. Login Privileges After Upgrade of Custom Install Environment

Source version

Login access for

Notes

vSphere 5.0

vCenter Single Sign-On recognizes local operating system users for the machine where the Platform Services Controller is installed, but not for the machine where vCenter Server is installed.

Note:

Using local operating users for administration is not recommended, especially in federated environments.

administrator@vsphere.local can log in to vCenter Single Sign-On and each vCenter Server instance as an administrator user.

If your 5.0 installation supported Active Directory users, those users no longer have access after the upgrade. You can add the Active Directory domain as an identity source.

vSphere 5.1 or vSphere 5.5

vCenter Single Sign-On recognizes local operating system users for the machine where the Platform Services Controller is installed, but not for the machine where vCenter Server is installed.

Note:

Using local operating users for administration is not recommended, especially in federated environments.

administrator@vsphere.localcan log in to vCenter Single Sign-On and each vCenter Server instance as an administrator user.

For upgrades from vSphere 5.1 Admin@SystemDomain has the same privileges as administrator@vsphere.local.

Starting with vSphere 5.5, vCenter Single Sign-On supports only one default identity source.

You can set the default identity source.

See the vSphere Security documentation.

Users in a non-default domain can specify the domain when they log in (DOMAIN\user or user@DOMAIN).