1 vCenter with View Composer shared between multiple View Connection servers in different domains

I've been doing some research on whether it is possible but have multiple View Connection servers that belong in different domains use the same vCenter server with composer installed but can't find a definitive answer.  Does anyone know?  This is what I would like to do:

Deploy 1 vCenter server that is not joined to any domain and install View Composer onto vCenter.

Deploy 1 View Connection server and join it to the contoso.com domain

Deploy 1 View Connection server and join it to the abc.com domain


Contoso.com and abc.com domains are completely disjoint and do not have any forest trusts.  I do not want any trusts between these domains because they are seperate companies that don't know about each other.


0 Kudos
2 Replies

Unfortunately this will not work.

Even if you have 2 separate Connections servers on two distinct domains.

The thing is when you add a vCenter to a Connection server and you want to use Composer (for linked clones) you have to add a user (composer-user, created by you that has certain premissions on a domain) that will eventually create the Computer objects in AD, delete them etc.

That user will need permissions on the vCenter (just to be able to add the vcenter), and create the VM's etc.

So when you have 1 vCenter you only have 1 Composer. To add a domain user to a local administrators group is impossible (last time I checked).

So a Service Provider DaaS with linked clones is not going to happen until VMware will support Federation Services in View.

But you can always use manual VMs, and add them to a domain manually. Large administrative overhead but still - you will be sharing resources Smiley Happy

Hope this helps.

0 Kudos

This works fine! The thing that most people run into when setting this up is that the view-composer needs to be doing a "proper" dns-lookup of the Domains and be able to talk on the AD ports. (389 and some more port) Hosts-file entrys is not suffiant!

So that means that the vCenter can talk to both customer A and customer B:s domain-controllers and that is not always acceptable.

// Linjo

Best regards, Linjo Please follow me on twitter: @viewgeek If you find this information useful, please award points for "correct" or "helpful".
0 Kudos