Note:
- This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Integrate Active Directory with VMware vCenter on Oracle Cloud VMware Solution
Introduction
The Oracle Cloud VMware Solution is a fully customer-managed, customer-operated native VMware cloud environment based on VMware Validated Design, running on a public Oracle Cloud Infrastructure (OCI) tenancy. Oracle Cloud VMware Solution allows you to create and manage VMware-enabled software-defined data centers (SDDCs) in OCI. It integrates VMware on-premises tools, skill sets and processes with public Oracle Cloud services, so you can move VMware estates to the cloud without changing your best practices or tools. VMware environments operate in a securely isolated customer tenancy with predictable performance and costs.
Oracle Cloud VMware Solution vCenter supports Active Directory (AD) integration and role-based access control (RBAC). The integration is useful when an on-premises/corporate AD group needs limited permissions on the VMware vCenter console: it lets vSphere administrators delegate exactly the controls a group of users needs without granting them full administrator privileges. Oracle Cloud VMware Solution vCenter can also be joined to Active Directory as a domain member; a link to that step-by-step guide is available in the Related Links section.
Objective
This tutorial describes how to add AD as an identity source (using Active Directory over LDAP, without joining vCenter to the AD domain) so that an on-premises/corporate AD user can log in to the Oracle Cloud VMware Solution vCenter console with custom permissions. This approach suits customers who want to keep the VMware vCenter administrator credentials tightly held within their organization and to grant specific groups only the controls they need rather than administrator control.
This tutorial covers the following tasks:
- Create an on-premises/corporate AD Group and add AD users to it
- Integrate the on-premises/corporate AD with VMware vCenter
- Create a custom VMware vCenter role for an on-premises/corporate AD group
- Map the on-premises/corporate AD group with the custom VMware vCenter role
Prerequisites
The Oracle Cloud VMware Solution vCenter must be able to resolve the on-premises/corporate AD domain controllers by FQDN, and the domain controllers must be able to resolve the vCenter FQDN, over an IPSec VPN or FastConnect connection. The firewall path between them must allow LDAP traffic from vCenter to the domain controllers; use LDAPS on TCP 636 rather than LDAP on TCP 389 so that the bind credentials and directory queries are not sent in cleartext.
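The following pre-flight check is an added example, not part of the Oracle tutorial. It is run from a Windows host on the OCI side of the VPN/FastConnect path and approximates what vCenter itself will do: it resolves the domain controller, asks the domain controller's DNS to resolve the vCenter FQDN, confirms TCP 636 is open, and captures the certificate the domain controller presents for LDAPS. The host names dc01.corp.example.com and vcenter.ocvs.example.com are assumptions for illustration.

```powershell
# Added pre-flight check for the prerequisite above; not part of the Oracle tutorial.
# Run from a Windows host on the OCI side of the VPN/FastConnect (it approximates what vCenter
# itself will do). Host names below are assumptions for illustration.
$DomainController = 'dc01.corp.example.com'       # assumed on-premises AD domain controller
$VCenterFqdn      = 'vcenter.ocvs.example.com'    # assumed OCVS vCenter FQDN
$LdapsPort        = 636

# 1. Forward direction: the OCI side must resolve the domain controller by FQDN
$dc = Resolve-DnsName -Name $DomainController -Type A -ErrorAction Stop
"DC resolves to: $($dc.IPAddress -join ', ')"

# 2. Reverse direction ("vice versa"): the domain controller's DNS must resolve the vCenter FQDN
$vc = Resolve-DnsName -Name $VCenterFqdn -Type A -Server $DomainController -ErrorAction Stop
"vCenter resolves via DC DNS to: $($vc.IPAddress -join ', ')"

# 3. LDAPS must be reachable through the VPN/FastConnect path
$tnc = Test-NetConnection -ComputerName $DomainController -Port $LdapsPort
if (-not $tnc.TcpTestSucceeded) { throw "TCP $LdapsPort to $DomainController is blocked" }

# 4. Capture the certificate the DC presents on 636. This is the certificate you upload
#    when configuring the Active Directory over LDAP identity source with an ldaps:// URL.
$tcp = [System.Net.Sockets.TcpClient]::new($DomainController, $LdapsPort)
$ssl = [System.Net.Security.SslStream]::new(
    $tcp.GetStream(), $false,
    [System.Net.Security.RemoteCertificateValidationCallback]{ $true })  # accept anything: capture only
$ssl.AuthenticateAsClient($DomainController)
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
"Subject: $($cert.Subject)"
"Issuer : $($cert.Issuer)"
"Expires: $($cert.NotAfter)"
"SHA-1 thumbprint: $($cert.Thumbprint)"

# The callback above deliberately skips validation so that even a bad certificate is captured.
# Compare the thumbprint with your PKI records before trusting this file in vCenter.
[System.IO.File]::WriteAllBytes("$PWD\$DomainController.cer",
    $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
$ssl.Dispose(); $tcp.Dispose()
```

The subject or subject alternative name of the captured certificate must match the host name you put in the ldaps:// URL of the identity source, and the certificate must not be expired; otherwise vCenter will refuse the LDAPS connection and the identity source will fail to add.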
Task 1: Create on-premises/corporate AD Group and add AD users to it
In this tutorial, we have created an on-premises/corporate AD group vCenter-Demo and added an on-premises/corporate AD user user10 as its member.
Task 2: Integrate the on-premises/corporate AD with vCenter
- Log in to the Oracle Cloud VMware Solution vCenter console as administrator@vsphere.local with the password shown on the Oracle Cloud VMware Solution portal.
- Click the hamburger icon and then click Administration.
- Under Single Sign On, click Configuration. On the Identity Provider tab, click Identity Sources, and then click Add.
- Set Identity Source Type to Active Directory over LDAP and enter the on-premises/corporate AD details: the base distinguished names for users and for groups, the domain name and domain alias, the credentials of the account vCenter will use to bind to AD, and the primary (and optionally secondary) server URL. Use an ldaps:// URL (TCP 636) and upload the domain controller's certificate so that the bind credentials and directory queries are not sent in cleartext; avoid plain ldap:// on TCP 389. The bind account should be a dedicated, read-only service account rather than a domain administrator, because its password is stored in the vCenter Single Sign-On configuration.
- Click Add.
The on-premises/corporate AD is added as the Identity Source.
Task 3: Create a custom vCenter role for the on-premises/corporate AD group
vCenter offers built-in roles for different use cases. However, in this tutorial we will create a custom role so that the group receives only the privileges it needs.
- Click the Roles tab, and then click New.
- Enter the role name (Demo-Role in this tutorial), select only the privileges the group requires, and then click Create.
The newly created role with the assigned privileges is displayed.
Task 4: Map the on-premises/corporate AD group with the custom vCenter role
- Click the Global Permissions tab and then click Add.
- From the Domain drop-down list, select the on-premises/corporate Identity Source created in Task 2.
- In the User/Group field, search for and select the AD group vCenter-Demo created in Task 1.
- From the Role drop-down list, select Demo-Role.
- Select the Propagate to children checkbox and then click OK to save the configuration.
A global permission with Propagate to children applies to every object in the inventory of every vCenter Server in the same Single Sign-On domain. If the group should only manage a subset of the inventory, grant the same role on the specific folder, cluster, or resource pool instead of as a global permission.
The on-premises/corporate AD group is added with the desired vCenter role, and user10 can log in to Oracle Cloud VMware Solution vCenter with their AD credentials and custom permissions.
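The scripted equivalent of Tasks 1, 3 and 4 follows as an added example; it is not code from the Oracle tutorial. It assumes PowerCLI and the ActiveDirectory RSAT module on a Windows admin host that can reach both the domain controller and the OCVS vCenter, and it uses the tutorial's example names (vCenter-Demo, user10, Demo-Role) plus the assumed values vcenter.ocvs.example.com and CORP. Task 2 (adding the identity source) is done in the UI as described above and is not scripted here. Because PowerCLI's New-VIPermission assigns a permission on an inventory object rather than creating a Global Permission, the script assigns the role at the root folder of this vCenter with propagation, which covers the same inventory for a single-vCenter SSO domain.

```powershell
# Added example (not from the Oracle tutorial). Assumes PowerCLI and the ActiveDirectory module.
# Names below are the tutorial's example values or assumptions for illustration.
Import-Module ActiveDirectory
Import-Module VMware.VimAutomation.Core

$VCenter   = 'vcenter.ocvs.example.com'   # assumed FQDN of the OCVS vCenter
$AdNetbios = 'CORP'                       # assumed domain alias of the identity source
$GroupName = 'vCenter-Demo'
$UserName  = 'user10'
$RoleName  = 'Demo-Role'

# Task 1: AD security group and membership (idempotent)
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security `
        -Description 'Limited vCenter operators'
}
Add-ADGroupMember -Identity $GroupName -Members $UserName

# Task 3: custom role with an explicit, minimal privilege list.
# These are real vSphere privilege IDs; adjust them to what the group actually needs.
$PrivilegeIds = @(
    'System.Anonymous', 'System.View', 'System.Read',   # required for any usable role
    'VirtualMachine.Interact.PowerOn',
    'VirtualMachine.Interact.PowerOff',
    'VirtualMachine.Interact.Reset',
    'VirtualMachine.Interact.ConsoleInteract'
)

Connect-VIServer -Server $VCenter `
    -Credential (Get-Credential -UserName 'administrator@vsphere.local' -Message 'vCenter SSO admin')

$role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $RoleName -Privilege (Get-VIPrivilege -Id $PrivilegeIds)
}

# Task 4: bind the AD group to the role at the root folder with propagation
# (the UI uses Global Permissions; see the lead-in for the difference).
$principal = "$AdNetbios\$GroupName"
$root = Get-Folder -NoRecursion            # the root "Datacenters" folder of this vCenter
if (-not (Get-VIPermission -Entity $root -Principal $principal -ErrorAction SilentlyContinue)) {
    New-VIPermission -Entity $root -Principal $principal -Role $role -Propagate:$true
}

# Checks a reviewer would run afterwards:
# 1. the role holds no privileges beyond the intended list
$unexpected = (Get-VIPrivilege -Role $role).Id | Where-Object { $_ -notin $PrivilegeIds }
if ($unexpected) { Write-Warning "Role $RoleName has unexpected privileges: $($unexpected -join ', ')" }

# 2. every permission granted to principals from the AD identity source, to spot an
#    accidental Administrator grant to an AD group
Get-VIPermission | Where-Object { $_.Principal -like "$AdNetbios\*" } |
    Select-Object Principal, Role, Propagate, @{ n = 'Entity'; e = { $_.Entity.Name } } |
    Format-Table -AutoSize

Disconnect-VIServer -Server $VCenter -Confirm:$false
```

After running it, log in to vCenter as CORP\user10 and confirm that only the listed virtual machine actions are available; any object the group should not see at all is better handled by removing propagation and granting the role on the specific folder or cluster instead.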
Related Links
Acknowledgments
- Author - Vaibhav Tiwari (Cloud Solutions Architect)
More Learning Resources
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.
F73516-01
November 2022
Copyright © 2022, Oracle and/or its affiliates.