vSphere 5.5 Install Pt.

7: Install SSO
Yes, seven parts into this series we can finally mount our handy dandy vCenter 5.5 ISO and start installing software.
Hopefully I havent lost anyone along the way with all of the background and SSL information. But with the complexities in
vCenter 5.5 and all the moving parts, I think its important to know whats going on in case you run into issues. I want this
series to be more than just screenshots and scripts blindly leading you through an install.
Provision vCenter VM
Before we install SSO, we need to provision the vCenter VM. Per VMware recommendations, KB2052334, the VM needs
at least 12GB of RAM for a simple all in one installation. Dont skip on memory as performance will likely take a beating,
depending on the number of hosts and VMs you are managing.
At least 2 vCPUs
At least 12GB of RAM
At least 70GB D drive (more with VUM)
Use VMXNET3 NIC
Use hardware version 9 or earlier
Recommend Windows Server 2012
Enable hot add of memory/CPU
Fully patched
If you want to use the web client on the vCenter server with IE, then you must install the Desktop Experience feature.
Why? Thats the only way to get Flash player in IE with Windows Server 2012. VMware really needs to dump the Flash
interface and go HTML5. If you use a third party browser, make sure you get the very latest Flash player.
After you install the Desktop Experience make sure you patch it. Why? The stock Flash player version is not compatible
with the web client and needs to be updated via Windows Update/WSUS/SCCM to the latest version.

If you will be using IE on the vCenter server you also need to turn off the IE enhanced security mode.

Basic SSO Install
The installation process in SSO 5.5 is vastly different from vCenter 5.1. As previously mentioned gone is the SQL
database requirement, which caused untold grief. Instead of spending days trying to get the SQL JDBC connector working
with SSL (which ultimately never did work), you can now click through the install wizard in about 60 seconds. No fuss, no
pain, no hair loss. Pure bliss.
1. Login to your vCenter VM and mount the vSphere 5.5a (note the a or use the latest available) ISO. Your user account
must NOT have an exclamation point in it. If it does, the installer may fail. Use a different account. Even though we are
doing a Simple Install in concept, I want to go through the Custom Install. Why? That way we can modify the installation
paths (which you cant do with the simple install), and also more clearly walk through each component. Click on vCenter
Single Sign-On then Install.

2. On the Welcome screen click Next.

3. Thoroughly read all the entire EULA. (Pausing for 3 hours..)

4. Review the Prerequisites screen and click Next. Enterprise grade DNS is key, and you must have both forward and
reverse records working for your vCenter server. Time is also important, so ensure your vCenter VM is correctly
synchronizing with your DCs.

5. Now you need to choose your SSO deployment mode. In our case we will leave the default option, your very first
vCenter server.

6. Next up we have to enter a password. Now this is tricky, because a number of special characters are illegal and will
cause you grief. I do not know the maximum length. Specifically, do NOT use:
Non-ASCII characters
Ampersand (&)
Semicolon ( ; )
Double quotation mark ( )
Single quotation mark ( )
Circumflex ( ^ )
Backslash ( \ )
Percent ( % )
Less than ( < )
Exclamation ( ! )
Space ( )

7. Now you need to enter a site name. I would change the default value, and make it meaningful. Also, do NOT enter the
FQDN or short hostname of your server here. That could cause problems. Site names will become more important in the
future, so again, give this a minute or two of thought.

8. I would not customize the port number unless you REALLY know what you are doing and want to cause yourself some
possible future headaches. Just keep the default, guys.

9. Im a firm believer of installing most software on a drive other than C. Why? Application logs can fill up a drive, and
there could be some security implications as well. My standard is D for all major enterprise apps like vCenter. However,
per KB 2044953, the web client (not SSO) will not work if installed on any drive but C. So if you want to keep all your
vCenter binaries together, you are stuck with the C drive.

10. On the final screen review all of the settings and verify they are 100% correct. Click Install and wait a few minutes.

11. You should get a Completed message, and now you can smile.

SSO Patch Time
With the 5.5 GA version there is a known problem using Windows Server 2012 and Windows Server 2012 domain
controllers. VMware has released a patched DLL to resolve the issue. But better than that you should use the vCenter
5.5a (note the a) ISO which has the fix built in.
If you are using a non-update (i.e. Sept 2013 GA) version of vSphere 5.5, then go to KB2060901 and follow
the instructions to replace the indicated DLL. Its cake to do, so I wont show you how. Again, please install all
components from the 5.5a media or later so you can skip this manual step.
Summary
The SSO installation in vSphere 5.5 is vastly easier than it was in 5.1. Just a few clicks and your SSO server is running.
No more SQL, JDBC connections, or databases to create. Major improvement! Next up is minting your SSL certificates
from an online Microsoft CA in Part 8.