VMware Cloud Community
Dryv
Enthusiast
Enthusiast
Jump to solution

SSO HA

Hi All

I have a vCenter 5.5 U2 Implementation. The powers that be want me to start looking at options for protecting vCenter, over and above vSphere HA. It seems I can use Microsoft Clustering, which I will start to explore. However the guide I'm looking at states SSO should be installed on a different server if clustering vCenter.

What options do I have for protecting SSO then?

I am assuming if I had a single SSO server and it went down, I am completely locked out of accessing vCenter, therefore kinda pointless protecting vCenter if I cant adequately protect SSO?

Thanks

D

Reply
0 Kudos
1 Solution

Accepted Solutions
vHaridas
Expert
Expert
Jump to solution

If primary SSO fails, it should allow you to repoint vCenter to secondary SSO server as both SSO replicates data with each other. Am not 100% certain as I have not tried it, So I would suggest you to test these scenario in LAB setup first.

You need to repoint all services with each other to get vCenter, SSO working.

See this -

VMware KB: Re-pointing and re-registering VMware vCenter Server 5.1 / 5.5 and components

Please consider awarding points for "Correct" or "Helpful" replies. Thanks....!!! https://vprhlabs.blogspot.in/

View solution in original post

Reply
0 Kudos
6 Replies
vHaridas
Expert
Expert
Jump to solution

You can install SSO in HA mode with vCenter 5.5 Update 2.

You need to put SSO server behind Load Balancer, refer below documents for more details.

vSphere 5.5 Documentation Center

VMware KB: vCenter Single Sign-On deployment modes for vSphere 5.5

Thanks,

Haridas

Virtual Admin

Please consider awarding points for "Correct" or "Helpful" replies. Thanks....!!! https://vprhlabs.blogspot.in/
Reply
0 Kudos
Dryv
Enthusiast
Enthusiast
Jump to solution

Hi,

Thanks for the response. The only issue is I don't have a load balancer. Do you know if I can still install in HA mode, until the time I can perhaps get approval for a load balancer? What I mean by this is I still deploy the 2 SSO servers, and always have vCenter point to the first SSO server... then if the first SSO server was ever to fail, I could potentially manually point vCenter to the second one?

Reply
0 Kudos
vHaridas
Expert
Expert
Jump to solution

You can use apache load balancer module, try this before you for purchase of any LB.

VMware KB: Setting up vCenter Single Sign-On in high availability mode with an Apache load balancing...

Thanks,

Haridas

Please consider awarding points for "Correct" or "Helpful" replies. Thanks....!!! https://vprhlabs.blogspot.in/
Reply
0 Kudos
Dryv
Enthusiast
Enthusiast
Jump to solution

Hi vHaridas

Thanks for the great responses! I will definitely try this out, but at some point I will also need to ensure the Load Balancer is redundant, or again, I guess I will be stuffed if this Apache Load Balancer fails.

So, do you know if it is at all possible to build 2 SSO Servers in HA mode and point vCenter manually to the Second SSO server if the First SSO server fails?  Of course they'll be outage but I need to know how would I get myself out of the situation should it arise.

I am hoping to get a F5 VE.

Reply
0 Kudos
vHaridas
Expert
Expert
Jump to solution

If primary SSO fails, it should allow you to repoint vCenter to secondary SSO server as both SSO replicates data with each other. Am not 100% certain as I have not tried it, So I would suggest you to test these scenario in LAB setup first.

You need to repoint all services with each other to get vCenter, SSO working.

See this -

VMware KB: Re-pointing and re-registering VMware vCenter Server 5.1 / 5.5 and components

Please consider awarding points for "Correct" or "Helpful" replies. Thanks....!!! https://vprhlabs.blogspot.in/
Reply
0 Kudos
Dryv
Enthusiast
Enthusiast
Jump to solution

Fantastic vHaridas, Thank you for the guidance here... Yes, Lab setup will definitely need to be done first I think... I will try and report back onto this thread. At the moment still trying to do the paperwork in working out how this will all hang together

Reply
0 Kudos