TAM Lab 048 - Moving vSphere Authentication from LDAP to LDAPS

Views: 11,780

VMware TAM Lab


Comments: 11
@shaneusmaximus2744 3 years ago
Would have been helpful to show which contents of the certificate chain you copied into the text file to create the cert. Is it the whole thing or what?
@RogerDingoDing 1 year ago
The 2 GPO settings that you changed here... is that a requirement for LDAPS to work? I'm a bit confused as to why you enabled those 2 settings... What happens if you don't change those settings? Will LDAPS still work?
@loeffelm 2 years ago
What happens if you remove an existing Identity Source from which you had AD groups used in Global Permission? Are you going to lose all those groups? (i.e., will they get removed?) Another way to put it: what happens if I remove my current "AD over LDAP" IS (which is used in Global Permissions) then re-add it using LDAPS. Will all AD groups still be there in Global Permission?
@jasonwoerner8428 4 years ago
Integrated Windows Auth still uses unsigned LDAP for non-authentication purposes and generates 2889 events. I wish this video would address migrating from Integrated to LDAPS because I cannot add the latter without destroying the former, apparently.
@VMwareTAMLab 4 years ago
Correct, these are two completely different authentication methods, so you have to remove IWA first.
@RicardoSaramago 4 years ago
Hi, if we have vCenter connected to the AD via IWA, what's the impact on changing to LDAPS? Thanks.
@VMwareTAMLab 4 years ago
Hi Ricardo! If vCenter is connected via IWA, there should not be an impact when LDAPS is enabled. Check out the following post: blogs.vmware.com/vsphere/2020/01/microsoft-ldap-vsphere-channel-binding-signing-adv190023.html "Integrated Windows Authentication (IWA) has also been tested by VMware Engineering and verified to be compatible with these changes. IWA uses different protocols and mechanisms to interact with Active Directory and is not affected by changes to the Active Directory LDAP servers." As always, feel free to reach out to VMware support if you have any additional concerns about this in your environment.
@TGUK9 4 years ago
It might be worth checking out the new blog on the vsphere blog website, in regards to IWA - "vSphere 7 - Integrated Windows Authentication (IWA) Deprecation"
@kevinwood4931 4 years ago
The issue with your design is that you shouldn't be running Cert Services on an AD controller. "With AD CS you have another problem in that you cannot remove Active Directory (in the event you want to decommission a DC for example) without first removing AD CS from that DC." Every demonstration I see for this process talks about using Certificate Services on a domain controller, and it is not best practice.
@VMwareTAMLab 4 years ago
Hi Kevin! Your observation is accurate, for sure. The decision to use an Active Directory-integrated Enterprise CA was to model one of the ways that customers may have a CA implemented in their environment. Finding the SSL cert for LDAPS with a domain controller using an Enterprise CA is different than with Standalone or non-AD-based CAs. Alternative architectures could have included Standalone with an offline root CA and a couple of intermediate CAs online. But, at the end of the day, it made for a more straightforward process to show the LDAPS configuration from vSphere's perspective and focus less on CA architecture. But... with all of that being said, we REALLY appreciate your comment on the video because these are important considerations for customers running certificates within their own environments. Design decisions all over the place have implications that you weigh as part of the design OR... they show up later and you wish you had known more about them. So, thank you for sharing your thoughts on it! :-) ~Bill