Registering vCenter Servers from different AD Domains to a Single SSO


Is it possible to register multiple vCenter Servers from different AD Forests with one SSO Server? We want to do this to avoid having to maintain accounts in multiple AD Forests.

So currently we have around 20 vBlocks, each with its own AD Domain, vCenter, etc., running vSphere 5.0. Each instance of the vBlock has at the minimum 2 DCs, and we have already started to see the management challenges in maintaining so many user accounts, rights, etc.

Some of the solutions that I can think of include:

- to collapse all these 20 AD Forests and consolidate into one big AD Forest and migrate all vSphere Components into the new AD Forest

- to register all 20 vCenter Servers (VC5.0) with the newly installed SSO Server and then create admin accounts in SSO Local DB and assign permissions on all the vCenters. That way I do not have to use 20 different admin accounts to manage the entire Virtual Infrastructure.

Kindly advise.

1 Reply

Yes, you can. Once you add the vCenter servers to the same SSO server, then you are able to assign permissions for users that the SSO knows about to any of those vCenter servers. I've done the same and wrote about it a few months back:


vExpert/VCP/VCAP / @vmwise -KjB