VMware Cloud Community
dtsmith62
Contributor

Design questions for vCenter 5.1, SSO and SRM

Currently running vCenter 5.0 U1 at primary and recovery sites. These vCenter servers are currently in linked mode. In researching the upgrade to 5.1, I see a requirement that all vCenter servers in a linked mode group must be registered to the same SSO server. This seems like a requirement for a single point of failure if you want to use linked mode, if there is only one SSO server. I realize this applies to an environment without SRM as well. I bring this up in the SRM forum because I think it applies to most SRM environments.

My question is, how can I design for the recovery site to be independent of the primary site? Of course we want the recovery site to be available in a total loss of primary site scenario. In SRM 5.0 I believe linked mode is not required, but it is still recommended.

Maybe the answer is in SSO/vCenter design and I have not read enough about that yet. Just wondering if anyone has any thoughts...

10 Replies
memaad
Virtuoso

Hi,

If you have linked mode in vCenter 5.0.1, I think the best option is to go with multi-site SSO, where you will have an individual SSO for each vCenter server, pointing to the first SSO.

Here is a link that might answer your question, since you have linked mode in place:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203407...

Regards

Mohammed

kwerneburg
VMware Employee

Pretty much the *only* option for Linked Mode in 5.1 is a multi-site SSO as per Mohammed's recommendations.

You could technically install both VCs and have them use the same SSO, but then the question is where does that SSO reside, at the protected site (and is lost during disaster precluding using VC), or at the recovery site (and have all your main VC SSO interaction cross the WAN).

So multi-site SSO is the only option, really. 

But ask yourself how much you really need linked mode.  While I love it, and use it in my lab, there are lots of manual steps involved in using multisite SSO - i.e. any and every time you make any changes to your production site you'll need to export, copy, import SSO to the other half of the multisite instance.

| @vmKen | VMware Technical Marketing |
jimsnorway
Contributor

Linked mode is not needed with SRM 5.1 as the vCenter Servers will be both available in the SRM GUI.

My suggestion is to use vSphere Replicator between the data centers to protect the SSO. And, as also mentioned earlier, I will suggest the multi-site SSO.

pdrace
Hot Shot

jimsnorway wrote:

Linked mode is not needed with SRM 5.1 as the vCenter Servers will be both available in the SRM GUI.

My suggestion is to use vSphere Replicator between the data centers to protect the SSO. And, as also mentioned earlier, I will suggest the multi-site SSO.

I would rather not go to linked mode because of the single logical SSO requirement. My understanding is that SRM licenses don't follow the VMs if you aren't in linked mode.

That hasn't changed in 5.1, has it?

UmeshAhuja
Commander

Hi,

I think you already have SRM in your environment with 5.0, but with 5.1 I would suggest you go with multisite mode, because there will be SRM in your environment, and for SRM you require Linked Mode vCenter, and for Linked Mode, SSO should be multisite: while the SRM plugin uses the vSphere "thick client", which does not use SSO, the backend communication of the VCs will require multisite SSO.

Reference: http://blogs.vmware.com/vsphere/2013/02/linked-mode-with-sso-for-srm.html 

Thanks n Regards
Umesh Ahuja

pdrace
Hot Shot

Thanks for the link.

kwerneburg
VMware Employee

It is not true that you "require" linked mode for SRM.

I wrote that blog specifically outlining that it is *not* required, because SRM shows you a consolidated view of DR from either site, regardless of whether you've used linked mode or not.

If you *want* to use linked mode then you have to use multisite SSO, and indeed as mentioned above, that is mostly because of easier license sharing and simplified login views.

But SRM does NOT require linked mode, let's be clear!

| @vmKen | VMware Technical Marketing |
pdrace
Hot Shot

I understand that it's not required for SRM.

But it is required if you want your licenses to be shared across sites automatically, correct?

kwerneburg
VMware Employee

Right, I was responding to the one above saying it was necessary.  Wanted to be precise as that comes up a fair bit!

You're right regarding auto license sharing, absolutely.

| @vmKen | VMware Technical Marketing |
BostonTechGuy
Enthusiast

Quick reply to this posting. What about multiple VCs in the site being protected? I have made a post asking this very question here: http://communities.vmware.com/thread/451364

However wanted to mention it here.  Other than having multiple VCs, we have the same setup as the original poster.
