An administrator wants to allow users to login to the vSphere Web Client using the Use Windows session authentication check box for faster authentication. Which
three requirements must be met for this feature to be available and functional? (Choose three.)
A.
Install the vSphere Web Client Integration browser plug-in on the vCenter Server and Platform Services Controller machines.
B.
Install the vSphere Web Client Integration browser plug-in on each workstation from where a user will sign in.
C.
The users must be signed into Windows using Active Directory user accounts.
D.
The administrator must create a valid Identity Source in Single Sign-On for the users domain.
E.
The administrator must create a valid Single Sign-On Identity Source using Integrated Windows Authentication.
Explanation:
Explanation/Reference:
B, C and D are correct:
https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-C7BF3BD5-76E6-406F-8CF1-309D31F1DEBA.html
Why not B,C,E?
http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.security.doc/GUID-4D24C6E8-63F5-4E35-862E-B59A03703254.html
Because using AD as an LDAP server would also be a valid identity source?
http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.security.doc/GUID-1F0106C9-0524-4583-9AC5-A748FD1DC4C5.html
AD as LDAP is being deprecated, it’s only supported for backwards compatibility.
Your reference states 5.1
Active Directory over LDAP. vCenter Single Sign-On supports multiple Active Directory over LDAP identity sources. This identity source type is included for compatibility with the vCenter Single Sign-On service included with vSphere 5.1. Shown as Active Directory as an LDAP Server in the vSphere Web Client.
Current documentation is states “This option is available for backward compatibility”
https://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.security.doc/GUID-B23B1360-8838-4FF2-B074-71643C4CB040.html
AND
The Active Directory as an LDAP Server identity source is available for backward compatibility. Use the Active Directory (Integrated Windows Authentication) option for a setup that requires less input.
https://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.security.doc/GUID-98B36135-CDC1-435C-8F27-5E0D0187FF7E.html
[see upgrade from 5.1 to 5.5 – https://kb.vmware.com/kb/2058942%5D
Se the AD for LDAP is a 5.1 SSO thing. It’s for backwards compatibility.
I do agree, that E would be a better choice than D being a “windows session”
However, this post shows OpenLDAP could facilitate the authentication of windows users. Being that OpenLDAP is a supported auth provider, then D would be best choice.
[but then again, local os for windows users .. dont think that would work]
Authenticating Windows to openLDAP server on Ubuntu 9.10
https://ubuntuforums.org/showthread.php?t=1330637