The vSphere Authentication documentation provides information to help you perform common tasks such as certificate management and vCenter Single Sign-On configuration.

At VMware, we value inclusion. To foster this principle within our customer, partner, and internal community, we have updated this guide to remove instances of non-inclusive language.

vSphere Authentication explains how you can manage certificates for vCenter Server and related services, and set up authentication with vCenter Single Sign-On.

Table 1. vSphere Authentication Highlights
Topics Content Highlights
Getting Started with Authentication
  • Managing authentication services.
  • Managing vCenter Server using the vCenter Server Management Interface.
vSphere Security Certificates
  • Certificate model, and options for replacing certificates.
  • Replace certificates from the UI (simple cases).
  • Replace certificates using the Certificate Manager utility.
  • Replace certificates using the CLI (complex situations).
  • Certificate management CLI reference.
vSphere Authentication with vCenter Single Sign-On
  • Architecture of the authentication process.
  • How to add identity sources so users in your domain can authenticate.
  • Two-factor authentication.
  • Managing users, groups, and policies.

What Happened to the Platform Services Controller

Beginning in vSphere 7.0, deploying a new vCenter Server or upgrading to vCenter Server 7.0 requires the use of the vCenter Server appliance, a preconfigured virtual machine optimized for running vCenter Server. The new vCenter Server contains all Platform Services Controller services, preserving the functionality and workflows, including authentication, certificate management, tags, and licensing. It is no longer necessary nor possible to deploy and use an external Platform Services Controller. All Platform Services Controller services are consolidated into vCenter Server, and deployment and administration are simplified.

As these services are now part of vCenter Server, they are no longer described as a part of Platform Services Controller. In vSphere 7.0, the vSphere Authentication publication replaces the Platform Services Controller Administration publication. The new publication contains complete information about authentication and certificate management. For information about upgrading or migrating from vSphere 6.5 and 6.7 deployments using an existing external Platform Services Controller to vSphere 7.0 using vCenter Server appliance, see the vSphere Upgrade documentation.

Related Documentation

A companion document, vSphere Security, describes available security features and the measures that you can take to safeguard your environment from attack. That document also explains how you can set up permissions, and includes a reference to privileges.

In addition to these documents, VMware publishes the vSphere Security Configuration Guide (formerly known as the Hardening Guide) for each release of vSphere, accessible at http://www.vmware.com/security/hardening-guides.html. The vSphere Security Configuration Guide contains guidelines on security settings that can or should be set by the customer, and security settings delivered by VMware that should be audited by the customer to ensure that they are still set to default.

Intended Audience

This information is intended for administrators who want to configure vCenter Server authentication and manage certificates. The information is written for experienced Linux system administrators who are familiar with virtual machine technology and data center operations.