Anatomy of Multiple Active Directory Domains with NSX for vSphere Manager

Authors: Michael A. Haines, Prasenjit Sarkar

On a few occasions, customers I have been working with have asked me whether NSX for vSphere Manager works, and is supported, with multiple (3 in this particular case) Active Directory domains. Well, firstly it should be noted that NSX for vSphere Manager is dependent on the vCenter Server SSO implementation, as we do not have any local AAA or local users beyond just administrator.

So the good news is that we can support multiple Active Directory domains, and we have tested this. Here you would use Integrated Windows Authentication for trusted domains and Active Directory over the LDAPv3 protocol for non-trusted Active Directory domains.

It is worth noting that large Active Directory environments can be somewhat problematic with this type of connection! But this brings up another interesting question! In the NSX for vSphere Manager Appliance UI, you can only set one Active Directory domain. So how do you set more than one as in the above case?

Well, you need to add the identity sources, such as an LDAP / Active Directory server as in the following example, from the SSO Configuration page -> Identity Sources.

[Screenshots: Identity Sources]

Note that in vSphere v5.5 the Active Directory “Identity Source” is not added automatically. So you will need to add Active Directory as a source so you can authenticate with domain-based accounts. More information on adding Identity Sources can be found in the VMware vSphere 5.5 Documentation -> ESXi and vCenter Server 5.5 Documentation -> vSphere Security -> vSphere Authentication with vCenter Single Sign-On -> Configuring vCenter Single Sign-On (http://goo.gl/wjb9Gu)

Note: The above is the URL to the Identity Sources for vCenter Server with vCenter Single Sign-On Documentation.

Also see the following if adding an Active Directory identity source in vCenter Server Single Sign-On v5.5 fails: (http://goo.gl/BQigF5)

Note: The above is the URL to VMware’s Knowledge base and in particular potential issues.
