Platform Services Controller (PSC) is a component of the VMware Cloud Infrastructure Suite. PSC deals with identity management for administrators and applications that interact with the vSphere platform.
The vCenter Server 6.0 architecture introduced the Platform Services Controller, a functional component of vCenter that moves beyond Single Sign-On to include additional platform services such as:
- Licensing Service
- Certificate Authority (VMCA)
- Certificate Store (VECS)
- Lookup Service for Component Registrations
In vCenter Server 6.0 Update 1, we’re excited to introduce the next stage of the administration with the Platform Services Controller Interface, a fully HTML5-based interface to administer and configure many of the services that run on the PSC.
Using the Platform Services Controller Interface you can perform tasks, such as:
- Adding and Editing Users and Groups for Single Sign-On
- Adding Single Sign-On Identity Sources
- Configuring Single Sign-On Policies (e.g. Password Policies)
- Adding Certificate Stores
- Adding and Revoking Certificates
vCenter Linked Mode
vCenter Enhanced Linked Mode connects multiple vCenter Server systems together by using one or more Platform Services Controllers. Two PSCs can work in HA mode.
Enhanced Linked Mode lets you view and search across all linked vCenter Server systems and replicate roles, permissions, licenses, policies, and tags.
When you install vCenter Server or deploy the vCenter Server Appliance with an external Platform Services Controller, you must first install the Platform Services Controller. During installation of the Platform Services Controller, you can select whether to create a new vCenter Single Sign-On domain or join an existing domain.
Calling the API of vCenters in Linked Mode
When two or more vCenters are connected to a PSC (i.e. in Linked Mode), we can follow the steps below to retrieve data from each vCenter.
- Look up the vCenter Server addresses in the PSC. The Python script “lookup-vcenters-in-psc.py PSC_IP” lists every vCenter Server registered in the PSC, and it does not require authentication.
- Use the API to log in to the PSC and get a token. This is the same API used to log in to a vCenter with an embedded PSC.
- Use the token to call the API of each vCenter. There is no single API call that returns data from both vCenters, so you need to call each vCenter separately.
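lookup-vcenters-in-psc.py:

```python
from pyVim import connect  # imported by the original script; not used below
import requests
import sys, ssl
from xml.etree.ElementTree import XML, fromstring, tostring
from requests.packages.urllib3.exceptions import InsecureRequestWarning

# Silence the warning requests prints for each call made with verify=False.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

server = sys.argv[1]  # PSC address, passed as the first argument
protocol = 'https'
port = 443
path = 'lookupservice/sdk'
url = "%s://%s:%s/%s" % (protocol, server, port, path)
baseVersion = 'lookup'

# TLS context from the original script; the requests call below does not use it.
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = ssl.CERT_NONE

versionId = 'urn:lookup/2.0'
headers = {'content-type': 'text/xml; charset=utf-8',
           'Accept': 'text/xml,multipart/*,application/soap',
           'SOAPAction': versionId}

# The SOAP request envelope was not preserved on this page.
# Supply the Lookup Service request XML here.
body = ''

# verify=False skips TLS certificate validation, so the PSC's identity is not checked.
response = requests.post(url, data=body, headers=headers, verify=False)
soapResponse = fromstring(response.content)

# Collect every registered endpoint URL that ends in ':443/sdk'.
vCenterList = []
returnvalList = soapResponse.findall('.//{urn:' + baseVersion + '}returnval')
for retVal in returnvalList:
    nodes = retVal.findall('.//{urn:' + baseVersion + '}url')
    for node in nodes:
        # An empty <url/> element has text None, so guard before endswith().
        if node.text and node.text.endswith(':443/sdk'):
            vCenterList.append(node.text)

print(vCenterList)
```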
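The lookup in step 1 is unauthenticated and the script above does not validate the PSC's certificate, so the URLs it returns are worth checking before the token from step 2 is sent to them in step 3. The following is an added example, not part of the original script: `vet_vcenter_urls`, the `EXPECTED_VCENTERS` inventory, the host names and the wrapper elements of the sample response are all assumptions made for illustration.

```python
from urllib.parse import urlsplit
from xml.etree.ElementTree import fromstring

NS = '{urn:lookup}'  # namespace the script above searches in

# Constructed sample response. Only the returnval/url nesting comes from the
# script above; the wrapper element names and hosts are placeholders.
SAMPLE_RESPONSE = b"""<?xml version="1.0"?>
<Envelope><Body><ListResponse xmlns="urn:lookup">
 <returnval><endpoint><url>https://vc01.example.test:443/sdk</url></endpoint></returnval>
 <returnval><endpoint><url>https://vc02.example.test:443/sdk</url></endpoint></returnval>
 <returnval><endpoint><url>https://198.51.100.7:443/sdk</url></endpoint></returnval>
 <returnval><endpoint><url>http://vc01.example.test:443/sdk</url></endpoint></returnval>
 <returnval><endpoint><url>https://vc01.example.test:443/sts/STSService</url></endpoint></returnval>
 <returnval><endpoint><url/></endpoint></returnval>
</ListResponse></Body></Envelope>"""

# Assumption: the operator keeps an inventory of the vCenter hosts they expect.
EXPECTED_VCENTERS = {'vc01.example.test', 'vc02.example.test'}


def vet_vcenter_urls(soap_xml, allowed_hosts):
    """Split SDK URLs from a lookup response into (accepted, rejected)."""
    allowed = {h.lower() for h in allowed_hosts}
    accepted, rejected = [], []
    for retval in fromstring(soap_xml).findall('.//' + NS + 'returnval'):
        for node in retval.findall('.//' + NS + 'url'):
            text = (node.text or '').strip()  # <url/> has text None
            parts = urlsplit(text)
            if parts.path != '/sdk':
                continue  # not a vCenter SDK endpoint (or empty)
            try:
                port = parts.port
            except ValueError:  # non-numeric or out-of-range port
                port = None
            ok = (parts.scheme == 'https' and port == 443
                  and parts.username is None
                  and (parts.hostname or '').lower() in allowed)
            (accepted if ok else rejected).append(text)
    return accepted, rejected


if __name__ == '__main__':
    good, bad = vet_vcenter_urls(SAMPLE_RESPONSE, EXPECTED_VCENTERS)
    print('send token to:', good)
    print('refused:', bad)
```

Only the accepted list should receive the session token; anything in the rejected list is an SDK endpoint the inventory does not recognise and deserves a look before it is trusted.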