1 person found this helpful
The domains have no trusts between each other by design. Not my design, btw! If I can use Linked Mode - which looks a bit more of a viable option in 5.5, that would make like a lot easier and gives the single pane (or pain!) that is required.
I'd like to use the new appliance now the limitations have been lifted a bit, but the lack of multi-site is putting me off a bit. Well, ok, quite a lot.
Any advice/help will be very much appreciated.
Linked mode requires you do use either the same domain for all vCenters linked together or a two way trust between the domains the vCenter Servers are joined in, therefore Linked mode is definitely out of the picture for you.
The only other way to achieve single pane of glass would be to register all vCenter servers against the same logical SSO instance, which in 5.1 SSO is usually a bad idea as one single domain down could already mean the end of all authentication against all vCenter servers (seen that happen way too often...).
I'd say under your circumstances single pane of glass is out of the picture as you either will introduce a huge risk with single SSO 5.1 (HA option is not really HA in 5.1 as well) and not meeting AD requirements to introduce it with Linked mode in an orderly fashion.
If the rest of the network is okay for open ports you could go for a single vCenter managing all the hosts and create local users (either Windows or SSO local) for users to manage, but that is dependent on overall WAN speed and stability (you don't want to deploy OVFs across a 1MBit WAN link for example).
Thanks for that. It's kind-of along the lines of what I was wondering so that clarifies it a bit. There won't be any deployments of more VMs on the WAN I don't think although there may be more sites added later - as long as the vC maximums are not exceeded. I'm thinking that maybe a central vCenter pair with Heartbeat protecting them is an option, but the WAN links become a point of failure at the more remote sites and I'm not sure about WAN latency. I'm told it's pretty good. What concerns me most is if a WAN link breaks then the hosts loose contact with the licensing vCenter server. I'm pretty much discounting vC 5.1 now, and going for 5.5 because of the SSO, but the hosts will all be ESXi 5.1b - I think. 5.0 at present, trying to get them to upgrade. I'm trying to get them to put trusts between the domains, but it's not that simple. Am I right in thinking that in vC 5.5 Linked Mode and Multi-site are the same thing or are they slightly different?
There's also the possibility of using the Web client (Yay!) and registering all vCenters in that or have one vC per tab in a browser. Bit too long-winded though.