Federate Private Cloud with Active Directory

The Federation beta is available to all HostRooster Private Cloud vCenter 6.5 clients. Join the beta by contacting support. Federation enables you to access vCenter using Active Directory. vCenter’s API can’t configure identity sources, so HostRooster’s DevOps team created an API to do so.

This page describes how to activate the Federation and its benefits.

Why?

Private Cloud vCenter automatically manages access privileges. SSO manages the access-control mechanisms (RBAC). The Federation lets Microsoft Active Directory (AD) manage users: the vCenter server checks a user’s identity with the domain controller, then vCenter manages rights on objects. Once the Federation is established, AD users can be assigned vCenter roles to access and control infrastructure (networks, folders, etc.).

This reduces the number of administrator accounts needed to access vCenter. It also unifies the Active Directory and vCenter Private Cloud password policies.

The Federation’s API automates configuration and maintenance. Any monitoring tool (Nagios, Zabbix, Sensu, etc.) can check the Federation and user privileges.

Prerequisites

First, enable communication between vCenter and the domain controller. This is possible using HostRooster Cloud Connect’s Private Gateway. HostRooster or one of our partners can help you choose the best architecture.

Once connected, gather the following information before configuring:

  • Your HostRooster credentials (NIC and password)
  • Your Private Cloud name (in the form pcc-X-X-X-X)
  • Active Directory infrastructure details:
      • Active Directory domain names, short and long (e.g., contoso and contoso.com)
      • AD access credentials
      • The “base DN” of AD groups and users (e.g., CN=Users,DC=contoso,DC=com). Group information is required, but groups cannot be used to manage authentication.
  • The AD users to bind in vCenter. Usernames must be in the form username@FQDN.domain (e.g., federation@contoso.com).

It is not possible to manage multiple users with the same short name, whether they come from Active Directory or are created directly.
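A pre-flight check for the values gathered above, as an added example that is not part of the original page or of HostRooster’s tooling: it validates the Private Cloud name, the username@FQDN.domain form and the short-name uniqueness constraint before any API call is made. The function name `preflight`, the `local_users` parameter, the numeric reading of pcc-X-X-X-X and the rule that every user belongs to the federated domain are assumptions.

```python
import re

# Assumption: each X in "pcc-X-X-X-X" is a number of 1 to 3 digits.
SERVICE_NAME_RE = re.compile(r"^pcc-\d{1,3}(?:-\d{1,3}){3}$")
# username@FQDN.domain: exactly one "@", non-empty user part, dotted domain.
UPN_RE = re.compile(r"^(?P<short>[^@\s]+)@(?P<domain>[^@\s.]+(?:\.[^@\s.]+)+)$")


def preflight(service_name, long_domain, ad_users, local_users=()):
    """Return a list of problems; an empty list means the inputs are usable.

    local_users (hypothetical parameter): short names that already exist
    directly on the Private Cloud, checked for collisions with AD users.
    """
    problems = []
    if not SERVICE_NAME_RE.match(service_name):
        problems.append(f"service name {service_name!r} is not in the form pcc-X-X-X-X")

    # Short names are compared case-insensitively to catch near-duplicates.
    seen = {name.lower(): "local user" for name in local_users}
    for user in ad_users:
        m = UPN_RE.match(user)
        if not m:
            problems.append(f"{user!r} is not in the form username@FQDN.domain")
            continue
        short, domain = m["short"].lower(), m["domain"].lower()
        # Assumption: bound users belong to the domain being federated.
        if domain != long_domain.lower():
            problems.append(f"{user!r} is outside the federated domain {long_domain}")
        if short in seen:
            problems.append(f"short name {short!r} of {user!r} collides with {seen[short]}")
        else:
            seen[short] = f"AD user {user}"
    return problems


if __name__ == "__main__":
    # Constructed sample input; only the contoso names come from the page.
    issues = preflight(
        "pcc-192-0-2-10", "contoso.com",
        ["federation@contoso.com", "CONTOSO\\alice", "admin@contoso.com",
         "Federation@contoso.com"],
        local_users=["admin"],
    )
    for issue in issues:
        print("FAIL:", issue)
```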

Activation and configuration

Once you have this information, activate and configure the Federation in three steps:

  1. Private Cloud-Active Directory connection
  2. AD-to-private-cloud user binding
  3. User permissions

Only HostRooster’s API allows configuration. However, the HostRooster Control Panel should soon allow it. The API is used to activate, configure, and delete your Private Cloud’s Federation.

Activating the AD – Private Cloud connection

Log in to the API explorer with your HostRooster credentials. Get your Private Cloud’s name (called serviceName in the API). A call to /dedicatedCloud returns it.

To enable the Federation, POST your Active Directory details to /dedicatedCloud/<serviceName>/federation/activeDirectory. All the information is required.

Federation activation runs in the background. HostRooster’s Control Panel shows its progress.

Get the Federation ID from /dedicatedCloud/<serviceName>/federation/activeDirectory.

Binding multiple AD users

Now that the AD is connected to vCenter Private Cloud, we can bind AD users. However, bound users won’t have any vCenter role yet and can’t log in.

POST a user’s full username to /dedicatedCloud/<serviceName>/federation/activeDirectory/activeDirectory/grantActiveDirectoryUser.

Ensure the user is in the search OU configured between AD and vCenter. You can check the import through the API or the Control Panel.

You’ll get a confirmation.

Granting access privileges

Grant users access to the virtual infrastructure. This works like managing Private Cloud user permissions, and can be done through either the API or the HostRooster Control Panel.

Now you can administer your Private Cloud with AD users in vCenter.

 
