So the current state is 3 different SSO domains running on 5.5, and the future state is a v6 linked mode SSO configuration between 3 sites.
This is what you need to do:
1. Create a new SSO role on a new Windows-based server. Create additional SSO servers in each site, linking them to the first one.
Now you should have your current setup and synchronized SSO domain between all sites.
2. You'll need to repoint the vCenters in each site to the local SSO installation. By doing this you will lose:
- All permissions created for users from the Single Sign-On system identity source
- All permissions granted to users from identity sources that are not present in the new Single Sign-On instance
- All permissions granted to local operating system users
Now you will have a v5.5 SSO multisite layout. Each of the SSO instances is independent of each other. I recommend checking that the SSO is syncing correctly before continuing. It should happen every 30 sec.
3. Now you can upgrade to vSphere 6. First you upgrade the SSO Windows machines to 6. Then the vCenter servers.
If you need to change to PSC appliances and vCenter appliances, you will need to take these additional steps:
1. Create a new PSC in each site and link it to the local one in each site. This will result in 1 Windows-based PSC and 1 appliance-based PSC in each site, all of them in the same SSO domain.
2. Repoint the vCenter to the appliance PSC.
3. Disconnect and delete the Windows-based PSCs.
4. Migrate from vCenter on Windows to Appliance (not supported, yet)
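The permission loss listed under step 2 can be checked before repointing. The following is an added example, not part of the original posts: it classifies an exported permission list into the three loss categories above. The CSV columns, principals, host name and domain names are constructed assumptions, not output of any VMware tool.

```python
import csv
import io

# Constructed sample export of vCenter permissions (columns are assumed).
SAMPLE_EXPORT = r"""entity,principal,role
Datacenter-A,VSPHERE.LOCAL\Administrator,Admin
Datacenter-A,CORP\vm-admins,Admin
Cluster-1,LAB\ops-team,ReadOnly
Cluster-1,VC01\svc-backup,VirtualMachinePowerUser
Folder-Prod,auditor@corp.example.com,ReadOnly
"""

def principal_domain(principal):
    """Return the lowercased domain of DOMAIN\\user or user@domain ('' if none)."""
    if "\\" in principal:
        return principal.split("\\", 1)[0].lower()
    if "@" in principal:
        return principal.rsplit("@", 1)[1].lower()
    return ""

def classify(principal, old_sso_domain, local_os_names, new_sources):
    """Map one principal to the loss category from step 2, or 'kept'."""
    domain = principal_domain(principal)
    if domain == old_sso_domain.lower():
        return "lost: SSO system identity source"
    if domain == "" or domain in local_os_names:
        return "lost: local operating system user"
    if domain not in new_sources:
        return "lost: identity source missing from new SSO"
    return "kept"

def audit(export_text, old_sso_domain, local_os_names, new_sources):
    """Return (entity, principal, role, status) for every exported permission."""
    local_os = {n.lower() for n in local_os_names}
    sources = {s.lower() for s in new_sources}
    rows = csv.DictReader(io.StringIO(export_text))
    return [(r["entity"], r["principal"], r["role"],
             classify(r["principal"], old_sso_domain, local_os, sources))
            for r in rows]

if __name__ == "__main__":
    # Assumed values: old SSO domain, vCenter host name, new SSO identity sources.
    for row in audit(SAMPLE_EXPORT, "vsphere.local", {"VC01"},
                     {"CORP", "corp.example.com"}):
        if row[3] != "kept":
            print(*row, sep=" | ")
```

Rows reported as lost are the permissions to record and re-create against the new SSO instance after the repoint.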
Thank you very much for taking the time for your detailed answer. Let me ask you some questions to make sure I am following along correctly.
I first need to deploy a new Windows Server at my 3 sites, install SSO on each, and point my vCenter Servers to the new SSO at their respective site. So the appliance can use a Windows Server for SSO?
I need some help understanding your second set of steps. I imagine with my goal that I need an external PSC at each site. So the upgrade to 6 does not take care of that? I need to go through your steps?
Hi, sorry for the late response.
But yes, it really doesn't matter where the SSO is running. It's just a service.
The second set of steps is just about moving the SSO installation from a Windows-based installation to an appliance-based one.
Please note that the migration from vCenter on Windows to Appliance will be supported soon (and can be attempted with the vCenter migration tool).