VMware Cloud Community
FJ1200
Enthusiast

Multi-site vCenter 5.5 deployment

I've been looking for a while at a geographically dispersed vCenter installation into an existing vSphere 5.1 environment.  There are a number of different domains that are isolated from each other but the underlying hosts at each site can see each other.  Some of the more remote sites will run lights-out and un-manned.   They ideally want a single pane of glass administration.  The newer features in vCenter 5.5 make this a bit easier, and I'm re-thinking my approach.  I'm now thinking either a central pair of primary/secondary servers with Heartbeat and each of the sites in a separate datacenter in vCenter, or more likely, a multi-site vCenter installation.  However, what I'd like to know, and I'm not 100% sure from reading mountains of documentation, is can I run without SSO hooking into AD, as each site has its own separate AD, or since vCenter is now site-aware, could I run it in linked mode?  The domains have no trusts between each other by design.  Not my design, btw!   If I can use Linked Mode - which looks a bit more of a viable option in 5.5, that would make life a lot easier and gives the single pane (or pain!) that is required.

I'd like to use the new appliance now the limitations have been lifted a bit, but the lack of multi-site is putting me off a bit.  Well, ok, quite a lot.

Any advice/help will be very much appreciated.

2 Replies
admin
Immortal

FJ1200 wrote:


The domains have no trusts between each other by design.  Not my design, btw!   If I can use Linked Mode - which looks a bit more of a viable option in 5.5, that would make life a lot easier and gives the single pane (or pain!) that is required.

I'd like to use the new appliance now the limitations have been lifted a bit, but the lack of multi-site is putting me off a bit.  Well, ok, quite a lot.

Any advice/help will be very much appreciated.

Linked mode requires you to use either the same domain for all vCenters linked together or a two-way trust between the domains the vCenter Servers are joined in, therefore Linked mode is definitely out of the picture for you.

The only other way to achieve single pane of glass would be to register all vCenter servers against the same logical SSO instance, which in 5.1 SSO is usually a bad idea as one single domain down could already mean the end of all authentication against all vCenter servers (seen that happen way too often...).

I'd say under your circumstances single pane of glass is out of the picture, as you will either introduce a huge risk with single SSO 5.1 (HA option is not really HA in 5.1 as well) or not meet the AD requirements to introduce it with Linked mode in an orderly fashion.

If the rest of the network is okay for open ports you could go for a single vCenter managing all the hosts and create local users (either Windows or SSO local) for users to manage, but that is dependent on overall WAN speed and stability (you don't want to deploy OVFs across a 1MBit WAN link for example).

FJ1200
Enthusiast

Hi Frank

Thanks for that.  It's kind-of along the lines of what I was wondering so that clarifies it a bit.  There won't be any deployments of more VMs on the WAN I don't think although there may be more sites added later - as long as the vC maximums are not exceeded.  I'm thinking that maybe a central vCenter pair with Heartbeat protecting them is an option, but the WAN links become a point of failure at the more remote sites and I'm not sure about WAN latency.  I'm told it's pretty good.  What concerns me most is if a WAN link breaks then the hosts lose contact with the licensing vCenter server.  I'm pretty much discounting vC 5.1 now, and going for 5.5 because of the SSO, but the hosts will all be ESXi 5.1b - I think.  5.0 at present, trying to get them to upgrade.   I'm trying to get them to put trusts between the domains, but it's not that simple.  Am I right in thinking that in vC 5.5 Linked Mode and Multi-site are the same thing or are they slightly different?

There's also the possibility of using the Web client (Yay!)  and registering all vCenters in that or have one vC per tab  in a browser.  Bit too long-winded though.
