VMware Cloud Community
fvandun
Contributor

Maximum number of SSO servers?

Hello,

We have a vSphere deployment with 13 remote sites and 1 central site.

We want to set up local vCenters + ESXi clusters on each site, but with Single Sign-On and with linked-mode vCenters to the central site vCenter.

The central site will also have a vCOPS instance monitoring all sites.

So 2 questions:

1) what is the maximum number of SSO servers that we can install? We need at least 13+1=14.

2) what is the maximum number of vCenters in 1 linked mode group? We should also need 14. I read in the vsphere55 Config Maxima that this is set at 10. Is this a hard-coded or soft limit? Does anybody have experience with this number of linked mode vCenters?

3) If the limit is really 10, what do you suggest to put in the Central Site so as to have single-pane-of-glass management and monitoring?

Thanks in advance,

Francis

5 Replies
vThinkBeyondVM
VMware Employee

Hi Friend,

As per the configuration maximums, 10 is the maximum number of vCenters you can add to a Linked Mode group. As it is specified by VMware, it means that it is tested and recommended by VMware. If we go beyond that, we cannot know whether it will work or not. Hence it is better NOT to take the risk (a lot of effort is required to set up 10 VCs itself).

In my opinion, rarely will anybody go for even 10.

Also, as per the Linked Mode requirements/prerequisites: all vCenter Servers in a Linked Mode group are registered to the same vCenter Single Sign-On server.

Refer to the requirements/prerequisites in detail: VMware vSphere 5.1

In order to avoid a single point of failure at SSO, you can implement SSO HA (using a third-party load balancer). You will find KBs/blogs on configuring this on Google.

Please also explore "Multisite SSO deployment"

VMware KB: Identifying VMware vCenter Single Sign-On server deployment mode


----------------------------------------------------------------
Thanks & Regards
Vikas, VCP70, MCTS on AD, SCJP6.0, VCF, vSphere with Tanzu specialist.
https://vThinkBeyondVM.com/about
-----------------------------------------------------------------
Disclaimer: Any views or opinions expressed here are strictly my own. I am solely responsible for all content published here. Content published here is not read, reviewed or approved in advance by VMware and does not necessarily represent or reflect the views or opinions of VMware.

DanielOprea
Hot Shot

Hello,

Building the infrastructure you want is not possible. I have plenty of EXPERIENCE with large infrastructures with multiple VCs and a large number of VMs and ESXi hosts, and I do not recommend the design you have in mind.

Note:

The maximum number of linked vCenter Servers is 10 (for the link between all the VCs, the domains must have trust relationships, if there is 1 domain per VC).

In Linked Mode with many VCs you lose performance.

With SSO it is the same: it requires trust relationships between domains.

Design that I recommend:

1 - All sites independent, each with its own SSO, VC and SQL.

2 - Install 6 +1 and 6 +1

Obviously, the number of hosts must be taken into account, as well as the number of VMs and domains, how many domains there will be, whether they will have trust relationships or not, etc.

Please look at this article for more information about SSO:

vCenter Single Sign-On Part 1: what is vCenter Single Sign-On? | VMware vSphere Blog - VMware Blogs

And look at this article to see several types of SSO infrastructure design:

http://kendrickcoleman.com/index.php/Tech-Blog/multiple-vcenter-servers-sso-and-how-to-design-for-fa...

PLEASE CONSIDER AWARDING any HELPFUL or CORRECT answer. Thanks!!
Blogs: https://danieloprea.blogspot.com/
fvandun
Contributor

Hello VickyVision, DanielOprea,

Thanks for the replies.

I'll consider splitting the sites over 2 vCenter instances so as to stay below the 10 vCenter limit.

About the remark that all "vCenter Servers in a Linked Mode group should be registered to the same vCenter Single Sign On server".

I'm not sure that this is still required in version 5.5. When I read about vSphere 5.5 SSO Deployment Modes (vCenter Single Sign-On Deployment Modes), I see:

Multisite vCenter Single Sign-On:

"Each site is represented by one vCenter Single Sign-On instance, with one vCenter Single Sign-On server, or a high-availability cluster. The vCenter Single Sign-On site entry point is the machine that other sites communicate with. This is the only machine that needs to be visible from the other sites."

I understand this to be contradictory with "Make sure that all vCenter Servers in a Linked Mode group are registered to the same vCenter Single Sign-On server." (Linked Mode Prerequisites for vCenter Server)

Regards,

Francis

bayupw
Leadership

In vCenter 5.5 there are 3 deployment options, see this: Getting ready to upgrade production to vCenter Server 5.5? Make sure you're using the corre...

Basically you will need to select 3 on the 2nd, 3rd, and subsequent vCenter SSO installation for Linked Mode to work.

So the 2nd and subsequent vCenters join the same vCenter SSO domain (first vCenter).

See also this whitepaper: VMware® vCenter Server™ 5.5 Deployment Guide

Select Option 1 for the central site's vCenter and the remote site's vCenter select Option 3.

After that you perform the Modify Linked Mode configuration 7 vCenter + 7 vCenter.

There is a nice blog post that explains the steps in detail here: Back To Basics: vCenter 5.5 with MultiSite SSO and Linked Mode Configuration « Mike Laveri...

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
DanielOprea
Hot Shot

Hi,

Please look at this article:

http://vtricks.com/index.php/nggallery/thumbnails?p=1527
