23 Oct 2014

vRealize Automation 6.1, SSO and the Identity Appliance

There seems to be some confusion as to whether or not the Identity Appliance that ships as part of vRealize Automation (previously known as vCloud Automation Center, which will be referred to as vCAC 6 for the rest of this article) is required when deploying vCAC 6.1 in conjunction with vSphere 5.5 and later.

As of vSphere 5.1, Single Sign-On (SSO) is a prerequisite for installing vCenter Server and its components. It’s no secret that VMware’s initial implementation of SSO in vSphere 5.1 was terrible. It was overcomplicated in terms of its implementation requirements, even requiring its own database, which had to be set up manually using SQL scripts. Thankfully, VMware addressed many if not all of the SSO issues in vSphere 5.5, and SSO is now a much simpler and more robust component of a vSphere 5.5 environment.


When I started looking at vCAC 6 and reading through the documentation, I couldn’t help but notice the constant reference to the Identity Appliance. The Identity Appliance in vCAC 6 is basically an SSO server. It handles SSO for your vCAC 6 implementation, brokering authentication between AD (LDAP) and vCAC. I started wondering: if I have SSO installed, configured and working in my vSphere environment, why do I need to implement the Identity Appliance? Implementing the Identity Appliance alongside my existing SSO environment would result in me having two separate SSO configurations, which kind of takes the “Single” out of SSO.

So I did some digging, asked some questions and basically came to the following conclusion. vCAC can work with your existing vSphere 5.5 implementation, provided that your SSO version is supported (see the table at the end of this article). When using your existing supported vSphere 5.5 SSO implementation with vCAC 6, you do not need to deploy the Identity Appliance. The vCloud Automation Center 6.1 Installation and Configuration guide also states on page 9:

“You can use the Identity Appliance SSO provided with vCloud Automation Center or some versions of the SSO provided with vSphere. For information about supported versions, see vCloud Automation Center Support Matrix”


So why did VMware decide to ship the Identity Appliance with vCAC 6? Well, the answer to that question also lies within the recent name change to vRealize Automation. Notice how the word “vCloud” is missing from the name? Also notice that there is no reference to vCenter or any of the VMware virtualisation products such as vCD or vSphere? The reason is simple. VMware does not want its vRealize Suite of products, including vRealize Automation (vCAC) and vRealize Operations (vCOPS), to be “pigeonholed” as usable only with VMware vSphere implementations. Basically, VMware wants to drive home the fact that you do not need vSphere, vCD or vCloud Air (VCHS) in order to utilise any of the vRealize products. They can be used with alternative cloud platforms from other vendors, or even physical environments.

Therefore, if you don’t have vSphere deployed but would like to use vCAC, then the Identity Appliance, which is provided as an OVF (Open Virtualization Format) template, can be deployed to hypervisors other than ESXi, such as Hyper-V, in order to satisfy the SSO requirement for vCAC.

If you would like to avoid deploying the Identity Appliance and utilise your existing vSphere 5.5 SSO implementation, then ensure that your environment meets the following requirements:



Last modified on Tuesday, 09 December 2014 13:52
Follow Rynardt Spies on Twitter