My vCAC Journey: Deploy & Configure Identity Appliance

Written by Ross Davies on . Posted in vCAC

This entry is part 4 of 6 in the series vCAC 6 Install

Now we need to deploy the vCAC identity appliance. This is a pre-configured virtual appliance that provides Single Sign-On capabilities for the vCloud Automation Center environment. The identity appliances an authentication broker and security token exchange that interacts with the enterprise identity store (Active Directory or LDAP) to authenticate users.

The vCAC identity appliance comes packaged as a vApp from VMware. To deploy this vApp once its purchased navigate to File >Deploy OVF Template within the vSphere client. Provide a path to the ova file for the vApp.

Click on Next

Read and accept the EULA then click on Next.

Enter a name for the vApp and choose a folder to store the VM.

Select the cluster / Resource pool that you wish to deploy this vApp into.

Select the datastore / datastore cluster that you wish to place the VM into.

Select the disk format of your choice.

Select the network to provision the vApp into.

Enter a default password for the vApp and the networking information that the vApp will use. Be sure to set the FQDN for the hostname property.

Verify the vApp details and click on Finish to deploy the vApp.


Before you power on the vApp we need to ensure that time synronization is configured between the guest Vm and the ESXi host. Right-click on the VM in vCenter and click on Edit Settings… Click on the Options tab and VMware Tools, ensure that the Advanced Option “Check and upgrade Tools during power cycling” is enabled.

You only have to do this is you choose not to use an NTP server directly – as my ESXi hosts & windows servers all sync their time from the same NTP source I chose to leverage this option for timesync on the vApps that make up vCACs.

Also, as this vApp is a single CPU system I chose to leverage Fault Tolerance to increase the uptime of this vApp should a ESXi host failure occur.

Power the VM on and log on the vApp management webpage which can be found here https://<FQDN of vApp>:5480

Login with the username root & the password that you defined during deployment.

Set the Timezone (Should be the same as all other systems in your vCAC environment) included the windows systems that will make up the IaaS components of vCAC. You may need to check with your windows administrators to see what this is default to within your OS images or GPOs.

(If necessary) set the proxy configuration to allow this VM to reach the internet for updates.

Set the vApp to check for updates on a schedule of your choice.

Click on SSO. Specify the admin password for the SSO domain and click on apply. This can take several minutes to complete – once complete SSO Status will change to RUNNING.

Click on host Settings and add :7444 to the end of the default SSO hostname and click on Apply.

Click on Active Directory and enter the necessary info to join your domain. I had to enter ny username in the format <USER>@<LONG DOMAIN NAME> for this to work sucessfully.

Click on SSL and choose to Import a PEM encoded Certificate – use the certificate info generated earlier by the powershell script;

That’s it! Now that you have the SSO server up and running you can move onto configuring the first of the vCAC application servers.

Series Navigation<< My vCAC Journey: Deploy & Configure PostgreSQLMy vCAC Journey: Deploy & Configure 1st vCloud Automation Center Appliance >>

Tags: , , ,

Trackback from your site.

Leave a comment