VCAC 6.0/6.1 BUILD OUT TO DISTRIBUTED MODEL: DEPLOY THE IDENTITY APPLIANCE

Written by Sam McGeown on 12/9/2014 · Read in about 2 min (391 words)
Published under VMware and vRealize Automation

SSO is a fundamental requirement when deploying vCAC, whether for a distributed or simple installation. This walk through goes through the deployment and configuration of the vCAC Identity Appliance, which provides a stand alone SSO instance for vCAC.

Some of the posts in this series are completed with vCAC 6.0.1, others will be with 6.1. Where there are differences I will aim to point them out!

Deploying the OVF

Deploying the OVF is very simple, just run through the wizard:

The appliance will perform a reverse lookup to get it’s hostname - if you have pre-staged a DNS A and PTR record, and have a reservation set for the VM. If you statically assign an IP address, make sure you use the FQDN in the hostname field - not doing so will cause issues with the self-signed certificates and also when you join the Active Directory domain.

Initial Appliance Configuration

Log on to your new appliance using https://:5480

Set the time zone - ensure this is consistent across all components of vCAC.

Configure your time source - again make sure it’s consistent throughout your vCAC deployment.

If the time doesn’t update, force a re-sync with “rcntp ntptimeset” via SSH.

Configuring SSO

Initialise the SSO by entering an SSO admin password - this might take a few minutes to configure while it initialises

Modify the host settings and ensure you have the FQDN for the appliance (the domain should match the AD you want to join)

Generate (non-production or proof of concept) or import a certificate:

Create a config file:

Submit the config file to OpenSSL to create a private key file, and a certificate signing request:

Submit the CSR to your Certificate Authority (using the VMware-SSL template):

Open the private key file (.key) and copy the contents - paste it into the private key field in the SSL certificate page of the Identity Appliance.

Next copy the contents of the signed certificate (.cer) to the Certificate chain field. Then copy any intermediate CA certificate contents, then the root CA certificate contents.

Join the Active Directory domain

Enter the domain’s FQDN, a user account with permissions to join the appliance to active directory and the password, and then click “Join Domain” - if your appliance hostname is not an FQDN or doesn’t match the domain that you’re joining, the operation will fail.

 

Share this post