Best practice to install SSO & change certificates...

DieterA · ‎01-15-2014

We are about to upgrade our vcenter 5.0 servers to version 5.5, however there is something that we are discussing about and can't get sorted out.

I'll just throw it out there and ask for your 2 cents.

Current setup:

- We have 2 vcenter 5.0 servers that are connected in linked mode (1 server manages production, the other one manages test/acceptance)

Desired setup:

We would like to upgrade our servers to vcenter 5.5.0b and leave them in linked mode. We know that before the upgrade we have to unlink them and after the upgrade link them again.

Now for the questions:

- Question 1: Should we have 2 seperate SSO instances or is it best to create a multi-site SSO?

- Question 2: If you recommend a multi-site SSO, when we change the default certificate on the first instance do we have to change the certificate on the second server as well or is this replicated?

rbos3 · ‎01-16-2014

Hi there DieterA,

Based on your setup I would recommend having two seperate SSO instances. As it is test/acceptation versus production.

You want to be able to test things out without messing up your production environment.

Are you currently using default certificates for all components of vCenter Server? Before upgrading to vSphere 5.1+ I would recommend using signed certificates to prevent any issues that could arrise when using self-signed certificates. While upgrading my test environment to vSphere 5.5 I had some certificate issues and had to replace the self signed ones for signed certificates (which can be an internal CA ofcourse).

I don't have any experience with linked-mode so let me know how things went! 😃

Cheers!

René

--- If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks! Visit my blog at http://snowvm.com ---

All

Best practice to install SSO & change certificates on Vcenter 5.5?