VMware Cloud Community
Sam30
Enthusiast

vCenter 5.5 in linked mode & SSO

I'm planning to upgrade my two vSphere environments, which are currently running in linked mode in two different geographical locations, from vCenter 5.0 to vCenter 5.5.

Even after the upgrade I plan to keep them in Linked Mode. The question is: can I keep two separate basic SSOs for both of my vCenter instances, or does it HAVE to be a Primary SSO in one geographical location and an additional SSO instance in the other geographical location, given that I want my vCenter servers to be in linked mode?

Can I have only one SSO instance in use if it's linked mode? Or can I keep two separate SSO instances for both locations and have the authentication go via the local SSO servers?

Other question, scenario:

Geographical Location A

vCenter Server A

Primary SSO 

Local Domain Controller A

Web Client A

Geographical Location B

vCenter Server B

Secondary Multisite SSO

Local Domain Controller B

Web Client B


If I log into vCenter B, how will my authentication flow?

Will it go via WebClient B -> Primary SSO in location A -> Domain Controller A -> vCenter Server B?


If so, wouldn't that cause latency issues while logging in?

0 Kudos
1 Reply
bayupw
Leadership

You can read this blog on vCenter 5.5 SSO: Allow me to introduce you to vCenter Single Sign-On 5.5 | VMware vSphere Blog - VMware Blogs

"The new architecture is based on a multi-master model where each instance is automatically kept up to date with its peers via built-in replication."

Also read this blog to understand the vCenter 5.5 SSO deployment options before installing: Getting ready to upgrade production to vCenter Server 5.5? Make sure you're using the correct deploy...

vSphere 5.5 Documentation Center - vCenter Single Sign-On Deployment Modes

There are 3 deployment modes, and deployment option 3 is required for Linked Mode.

"Option 3 - Multiple Single Sign-On instances in different locations: This deployment mode is required if you have geographically dispersed vCenter Servers in Linked Mode."

"Deploying multiple vCenter Servers either local to each other or geographically separated, say for use with Linked Mode ... by selecting deployment option #3 vCenter Single Sign-On for an additional vCenter Server instance with a new site. This selection will create a replication partner and have no dependency on the first vCenter Single Sign-On server deployed."

There's also a whitepaper, the vCenter 5.5 Deployment Guide: http://www.vmware.com/files/pdf/vcenter/VMware-vCenter-Server-5.5-Technical-Whitepaper.pdf

Read also these links:

Back To Basics: vCenter 5.5 with MultiSite SSO and Linked Mode Configuration «  Mike Laver...

vSphere 5.5 - SSO Multi-Site Deployment - Learning by Doing | vTricks.com

vSphere 5.5 Documentation Center - Linked Mode Considerations for vCenter Server

If you need to uninstall and reinstall vCenter Server on more than one member of a Linked Mode group, do so with a single vCenter Server at a time. Uninstalling and reinstalling multiple linked vCenter Servers at the same time is not supported, and can cause errors that prevent vCenter Server from connecting to vCenter Inventory Service. If it is necessary to uninstall and reinstall multiple linked vCenter Servers at the same time, isolate them from the Linked Mode group first, and rejoin them to the Linked Mode group after the reinstallation is complete.

VMware KB: Upgrading to vCenter Server 5.5 best practices

"Before you upgrade any vCenter Server that belongs to a Linked Mode group, remove it from the Linked Mode group. Upgrading vCenter Servers that are members of a Linked Mode group can cause the upgrade to fail, and can leave vCenter Servers in an unusable state. After you upgrade all members of a Linked Mode group to version 5.5, you can rejoin them."

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos