vCenter Server provides a centralized platform for management, operation, resource provisioning, and performance evaluation of virtual machines and hosts.
When you deploy the vCenter Server appliance, vCenter Server, the vCenter Server components, and the authentication services are deployed on the same system.
The following components are included in the vCenter Server appliance deployments:
- The authentication services contain vCenter Single Sign-On, License service, Lookup Service, and VMware Certificate Authority.
- The vCenter Server group of services contains vCenter Server, vSphere Client, vSphere Auto Deploy, and vSphere ESXi Dump Collector. The vCenter Server appliance also contains the VMware vSphere Lifecycle Manager Extension service and the VMware vCenter Lifecycle Manager.
What Happened to the Platform Services Controller
Beginning in vSphere 7.0, deploying a new vCenter Server or upgrading to vCenter Server 7.0 requires the use of the vCenter Server appliance, a preconfigured virtual machine optimized for running vCenter Server. The new vCenter Server contains all Platform Services Controller services, preserving the functionality and workflows, including authentication, certificate management, tags, and licensing. It is no longer necessary or possible to deploy and use an external Platform Services Controller. All Platform Services Controller services are consolidated into vCenter Server, and deployment and administration are simplified.
As these services are now part of vCenter Server, they are no longer described as a part of Platform Services Controller. In vSphere 7.0, the vSphere Authentication publication replaces the Platform Services Controller Administration publication. The new publication contains complete information about authentication and certificate management. For information about upgrading or migrating from vSphere 6.5 and 6.7 deployments using an existing external Platform Services Controller to vSphere 7.0 using vCenter Server appliance, see the vSphere Upgrade documentation.
Authentication Services
- vCenter Single Sign-On
- The vCenter Single Sign-On authentication service provides secure authentication services to the vSphere software components. By using vCenter Single Sign-On, the vSphere components communicate with each other through a secure token exchange mechanism, instead of requiring each component to authenticate a user separately with a directory service like Active Directory.
vCenter Single Sign-On can authenticate users through:
- External identity provider federation
You can configure vCenter Server for an external identity provider using federated authentication. In such a configuration, you replace vCenter Server as the identity provider. Currently, vSphere supports Active Directory Federation Services (AD FS) as the external identity provider. In this configuration, AD FS interacts with the identity sources on behalf of vCenter Server.
- vCenter Server built-in identity provider
vCenter Server includes a built-in identity provider. By default, vCenter Server uses the vsphere.local domain as the identity source (but you can change it during installation). You can configure the vCenter Server built-in identity provider to use Active Directory (AD) as its identity source using LDAP/S, OpenLDAP/S, and Integrated Windows Authentication (IWA). Such configurations allow customers to log in to vCenter Server using their AD accounts.
Authenticated users can then be assigned registered solution-based permissions or roles within a vSphere environment.
vCenter Single Sign-On is required with vCenter Server.
- vSphere License Service
- The vSphere License service provides common license inventory and management capabilities to all vCenter Server systems within the Single Sign-On domain.
- VMware Certificate Authority
- VMware Certificate Authority (VMCA) provisions each ESXi host with a signed certificate that has VMCA as the root certificate authority, by default. Provisioning occurs when the ESXi host is added to vCenter Server explicitly or as part of the ESXi host installation process. All ESXi certificates are stored locally on the host.
For information about all authentication services and capabilities, see vSphere Authentication.
Services Installed with vCenter Server
These additional components are installed silently when you install vCenter Server. The components cannot be installed separately as they do not have their own installers.
- PostgreSQL
- A bundled version of the VMware distribution of PostgreSQL database for vSphere and vCloud Hybrid Services.
- vSphere Client
- The HTML5-based user interface that lets you connect to vCenter Server instances by using a Web browser. This vSphere Client replaces the Flex-based vSphere Web Client from vSphere 7.0.
- vSphere ESXi Dump Collector
- The vCenter Server support tool. You can configure ESXi to save the VMkernel memory to a network server, rather than to a disk, when the system encounters a critical failure. The vSphere ESXi Dump Collector collects such memory dumps over the network.
- vSphere Auto Deploy
- The vCenter Server support tool that can provision hundreds of physical hosts with ESXi software. You can specify the image to deploy and the hosts to provision with the image. Optionally, you can specify host profiles to apply to the hosts, and a vCenter Server location (folder or cluster) for each host.
- VMware vSphere Lifecycle Manager
- vSphere Lifecycle Manager enables centralized, automated patch and version management for VMware vSphere and offers support for VMware ESXi hosts, virtual machines, and virtual appliances.