VMware Cloud Community
tdubb123
Expert

multiple vcenters or single vcenter

I have a vCenter with a single SSO that has multiple datacenters added.

Then I have installed another vCenter in a different location and added a colocation datacenter to that new vCenter.

Then I added the 2 vCenters together using Linked Mode.

Both vCenters have their own SSO.

Moving forward, if I add a new DC location, should I put it in vCenter 1 or 2?

Do I need multisite SSO? Or is it better to split SSOs?

thanks

11 Replies
vfk
Expert

What version of vSphere are you currently using? SSO 5.1 is a pain to deal with and scale; your best option would be to go to SSO 5.5, as this is backward compatible and it is much simpler to design. Watch this session from VMworld 2013, really really https://www.youtube.com/watch?v=-iiyKJGC018 - they talk about how to design your SSO for scale (from 17 min onwards).

When to Centralize vCenter Single Sign-On Server 5.5 | VMware vSphere Blog - VMware Blogs

--- If you found this or any other answer helpful, please consider the use of the Helpful or Correct buttons to award points. vfk Systems Manager / Technical Architect VCP5-DCV, VCAP5-DCA, vExpert, ITILv3, CCNA, MCP
tdubb123
Expert

I am using SSO 5.1.

0 Kudos
vfk
Expert

Consider upgrading your vCenter to 5.5. SSO is much simpler and easier to manage, and there is only one install, no more multisite install or external database to deal with. Or at least have SSO and the Web Client on 5.5, as they are backward compatible.


I highly recommend watching these two sessions from VMworld 2013

  1. https://www.youtube.com/watch?v=ZUFg2iuBjXE
  2. https://www.youtube.com/watch?v=iAyC37kei80

If you are deploying new vCenters, go straight to 5.5 and start upgrading the others to 5.5 as well; it is far easier to get this now.

RubyIvy
Enthusiast

Hi tdubb123,

As far as the addition of a new DC to your existing environment is concerned, and it is on a different site, you might want to break SSO and reinstall it in multisite mode and add it to any VC which can communicate with this newly added DC.

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful.
0 Kudos
tdubb123
Expert

Hi, what could multisite SSO do? The DB for multisite would still be in a single location, right?

0 Kudos
RubyIvy
Enthusiast

There would be two different SSOs, so they would have their own DB, but the data would be replicated manually to keep it in sync.

0 Kudos
tdubb123
Expert

Hi, what would be the difference between a multisite SSO vs a Linked Mode vCenter?

0 Kudos
RubyIvy
Enthusiast

Multisite mode is designed for deployments with multiple physical locations. Installing a Single Sign-On instance at each site allows fast access to local authentication-related services. Each Single Sign-On instance is connected to the local instances of the AD (LDAP) servers and has its own database with local users and groups. In each datacenter, you can install Single Sign-On in standalone or clustered mode, pointing to the identity sources in that location.


Multisite deployment is useful when a single administrator needs to administer vCenter Server instances that are deployed on geographically dispersed sites, with separate vCenter Single Sign-On instances for each site. To view all such vCenter Server instances from a single vSphere Client or vSphere Web Client, you must configure the vCenter Server instances in Linked Mode.


Hence no difference :)

0 Kudos
vThinkBeyondVM
VMware Employee

Here is the detailed description on SSO multisite and vCenter linked mode:

Introduction to Multisite vCenter Single Sign-On Deployments

The vCenter Single Sign-On multisite configuration is designed for deployments with multiple physical locations. Installing a vCenter Single Sign-On instance at each site allows fast access to local authentication-related services. Each vCenter Single Sign-On instance is connected to the local instances of the AD (LDAP) servers and has its own database with local users and groups.

Multisite deployment is useful when a single administrator needs to administer vCenter Server instances that are deployed on geographically dispersed sites. To view all vCenter Server instances from a single vSphere Client or Web Client, you must configure the vCenter Server instances in Linked Mode.

Note: Multisite Single Sign-On deployment is designed only for faster local access to authentication-related services. It does not provide failover between Single Sign-On servers on different sites. When the Single Sign-On instance on one site fails, its role is not taken over by a peer Single Sign-On instance on another site. All authentication requests on the failed site will fail, even if peer sites are fully functional.

In multisite Single Sign-On deployments, each site is represented by one Single Sign-On instance: one Single Sign-On server, or a high-availability cluster. The Single Sign-On site entry point is the machine that other sites communicate with. This is the only machine that needs to be visible from the other sites. In a clustered deployment, the entry point of the site is the machine where the load balancer is installed.

Note: For further information, please see:

vCenter Single Sign-On Deployment Modes


Refer: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203407...


Using vCenter Server in Linked Mode

You can join multiple vCenter Server systems using vCenter Linked Mode to allow them to share information. When a server is connected to other vCenter Server systems using Linked Mode, you can connect to that vCenter Server system and view and manage the inventories of the linked vCenter Server systems.

Linked Mode uses Microsoft Active Directory Application Mode (ADAM) to store and synchronize data across multiple vCenter Server systems. ADAM is installed as part of vCenter Server installation. Each ADAM instance stores data from the vCenter Server systems in the group, including information about roles and licenses. This information is replicated across all of the ADAM instances in the connected group to keep them in sync.

When vCenter Server systems are connected in Linked Mode, you can perform the following actions:

Log in simultaneously to vCenter Server systems for which you have valid credentials.

Search the inventories of the vCenter Server systems in the group.

View the inventories of the vCenter Server systems in the group in a single inventory view.

You cannot migrate hosts or virtual machines between vCenter Server systems connected in Linked Mode.

Refer: vSphere 5.5 Documentation Center

Additional resources:

vCenter Single Sign-On - Part 2: Deployment Options | VMware vSphere Blog - VMware Blogs

vSphere 5.5 - SSO Multi-Site Deployment - Learning by Doing | vTricks.com



----------------------------------------------------------------
Thanks & Regards
Vikas, VCP70, MCTS on AD, SCJP6.0, VCF, vSphere with Tanzu specialist.
https://vThinkBeyondVM.com/about
-----------------------------------------------------------------
Disclaimer: Any views or opinions expressed here are strictly my own. I am solely responsible for all content published here. Content published here is not read, reviewed or approved in advance by VMware and does not necessarily represent or reflect the views or opinions of VMware.

0 Kudos
tdubb123
Expert

Yes, it seems to be the same thing for multisite SSO installation vs single-site SSO and joining them via Linked Mode in a single VC.

If I am managing multiple DC locations with a single VC plus Linked Mode, do you think I need multisite SSO?

Right now I have 2 VCs joined with Linked Mode. Each VC has its own SSO, inventory, DB.

If I add another DC, should I just add it as a DC or create another VC? I don't think I have that many VC licenses.

What information is multisite SSO replicating?

0 Kudos
RubyIvy
Enthusiast

The data to replicate includes local users and groups and the configuration of the STS server.

0 Kudos