When I started looking at vCAC 6, and reading through the documentation, I couldn’t help but notice the constant reference to the Identity Appliance. The Identity Appliance in vCAC 6 is basically an SSO server. It handles SSO for your vCAC 6 implementation, brokering authentication between AD (LDAP) and vCAC. I started wondering: if I have SSO installed, configured and working in my vSphere environment, why do I need to implement the Identity Appliance? Implementing the Identity Appliance alongside my existing SSO environment would result in me having two separate SSO configurations, which kind of takes the “Single” out of SSO.
So I did some digging, asked some questions and basically came to the following conclusion. vCAC can work with your existing vSphere 5.5 implementation, provided that your SSO version is supported (see the table at the end of this article). When using your existing supported vSphere 5.5 SSO implementation with vCAC 6, you do not need to deploy the Identity Appliance. The vCloud Automation Center 6.1 Installation and Configuration guide also states on page 9:
“You can use the Identity Appliance SSO provided with vCloud Automation Center or some versions of the SSO provided with vSphere. For information about supported versions, see vCloud Automation Center Support Matrix”
So why did VMware decide to ship the Identity Appliance with vCAC 6? Well, the answer to that question also lies within the recent name change to vRealize Automation. Notice how the word “vCloud” is missing from the name? Also notice that there is no reference to vCenter or any of the VMware virtualisation products such as vCD or vSphere? The reason is simple. VMware does not want its vRealize Suite of products, including vRealize Automation (vCAC) and vRealize Operations (vCOPS), to be “pigeonholed” as usable only with VMware vSphere implementations. Basically, VMware wants to drive home the fact that you do not need vSphere, vCD or vCloud Air (VCHS) in order to utilise any of the vRealize products. They can be used with alternative cloud platforms from other vendors, or even physical environments.
Therefore, if you don’t have vSphere deployed but would like to use vCAC, then the Identity Appliance, which is provided as an OVF template (Open Virtualization Format), can be deployed to hypervisors other than ESXi, such as Hyper-V, in order to satisfy the SSO requirement for vCAC.
If you would like to avoid deploying the Identity Appliance and utilise your existing vSphere 5.5 SSO implementation, then ensure that your environment meets the following requirements: