NSX – Implement identity service support for Active Directory, NIS, and LDAP with Single Sign-On (SSO)

I think we have already covered this… but there are no issues going through the process again!

You can register one or more Windows domains with an NSX Manager and its associated vCenter server. NSX Manager gets group and user information, as well as the relationships between them, from each domain that it is registered with. NSX Manager also retrieves Active Directory (AD) credentials.

Once NSX Manager retrieves AD credentials, you can create security groups based on user identity, create identity-based firewall rules, and run Activity Monitoring reports.

This is achieved by joining the NSX Manager to the domain. To do this, go to the Networking and Security plugin, then NSX Managers, and select the NSX Manager you want to join to the domain. Once this screen has loaded, click Manage and then Domains:

Click on the green plus and step through the config; first up are the Domain Name and NetBIOS name:

Next come the DC, protocol, port, username and password:

Next are the Security Event Log Access settings:

Then Next and Finish…

You also have to use the Lookup Service if you want to control access to NSX itself. This is done with the following steps (I’ve already covered this in an earlier post):

Integrating the single sign on (SSO) service with NSX improves the security of user authentication for vCenter users and enables NSX to authenticate users from other identity services such as AD, NIS, and LDAP.

With SSO, NSX supports authentication using authenticated Security Assertion Markup Language (SAML) tokens from a trusted source via REST API calls. NSX Manager can also acquire authentication SAML tokens for use with other VMware solutions.

1. Log in to the NSX Manager virtual appliance.
2. Under Appliance Management, click Manage Settings.
3. Click NSX Management Service.
4. Click Edit next to Lookup Service.
5. Type the name or IP address of the host that has the lookup service.
6. Change the port number if required. The default port is 7444.
7. Type the vCenter administrator user name and password (for example, administrator@vsphere.local). This enables NSX Manager to register itself with the Security Token Service server.
8. Click OK.

Confirm that the Lookup Service status is Connected.
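As an added example (not from the original post), the same Lookup Service registration and the "Connected" check done through the NSX Manager REST API instead of the appliance UI. It assumes the NSX 6.x `ssoconfig` endpoints and XML field names named in the comments (check them against the API reference for your NSX version); host names and credentials are placeholders.

```python
import base64
import ssl
import urllib.request
import xml.etree.ElementTree as ET

# Assumed NSX 6.x API (verify for your version):
#   POST /api/2.0/services/ssoconfig         body: <ssoConfig>...</ssoConfig>
#   GET  /api/2.0/services/ssoconfig/status  reply: <boolean>true|false</boolean>
SSO_CONFIG_PATH = "/api/2.0/services/ssoconfig"
SSO_STATUS_PATH = "/api/2.0/services/ssoconfig/status"


def build_sso_config(lookup_host, admin_user, admin_password, port=7444):
    """Build the <ssoConfig> body. 7444 is the Lookup Service default port
    given in the post; adjust it if your Platform Services Controller differs."""
    root = ET.Element("ssoConfig")
    ET.SubElement(root, "ssoLookupServiceUrl").text = (
        f"https://{lookup_host}:{port}/lookupservice/sdk")
    ET.SubElement(root, "ssoAdminUsername").text = admin_user
    ET.SubElement(root, "ssoAdminUserpassword").text = admin_password
    return ET.tostring(root, encoding="utf-8")


def parse_sso_status(body):
    """True only for a literal <boolean>true</boolean>; anything else
    (false, an error document, unexpected XML) counts as not connected."""
    elem = ET.fromstring(body)
    return elem.tag == "boolean" and (elem.text or "").strip() == "true"


def _request(nsx_host, path, nsx_user, nsx_password, ca_bundle, data=None):
    # The body carries the SSO admin password, so verify NSX Manager's
    # certificate against a known CA bundle instead of disabling checks.
    ctx = ssl.create_default_context(cafile=ca_bundle)
    token = base64.b64encode(f"{nsx_user}:{nsx_password}".encode()).decode()
    req = urllib.request.Request(f"https://{nsx_host}{path}", data=data,
                                 method="POST" if data else "GET")
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Content-Type", "application/xml")
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.read()


def register_and_check(nsx_host, nsx_user, nsx_password, ca_bundle,
                       lookup_host, admin_user, admin_password):
    """Register NSX Manager with the Lookup Service, then return True only
    when NSX itself reports the registration as connected."""
    body = build_sso_config(lookup_host, admin_user, admin_password)
    _request(nsx_host, SSO_CONFIG_PATH, nsx_user, nsx_password, ca_bundle, body)
    status = _request(nsx_host, SSO_STATUS_PATH, nsx_user, nsx_password, ca_bundle)
    return parse_sso_status(status)
```

Treat a False result from `register_and_check` the same way as a status other than Connected in the UI: fix the Lookup Service URL, port or credentials before relying on SSO for NSX access.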
