VMware Cloud Community
Dipak
Enthusiast
Enthusiast

vCenter 5.5 Multi Site SSO Design with Multiple vCenters per site

Apologize for a lengthy explanation of the environment I am working on. Please go thru it fully for a complete understanding.


Okay, lets get directly on to the topic Smiley Happy

We have 3 Physical Sites

Site-A

Site-B

Site-C

SSO Info

A separate VM called Master-SSO-VM

vCenter info (Please don;t ask why we have so many VCs in the environment Smiley Happy)

Site-A

  • VC1 (SSO installed with “vCenter SSO for an additional vCenter in an existing site”)
  • VC2 (SSO installed with “vCenter SSO for an additional vCenter in an existing site”)
  • VC3 (VDI) ((SSO installed with “vCenter SSO for an additional vCenter in an existing site”)

Site-B

  • VC4 (SSO installed with “vCenter SSO for an additional vCenter with a new site”)
  • VC5 (SSO installed with “vCenter SSO for an additional vCenter in an existing site”)

Site-C

  • VC6 (SSO installed with “vCenter SSO for an additional vCenter with a new site”)

Here is our SSO design,

I have a separate VM designated for Master SSO VM in Site-A.

All my VC will have SSO, Inventory, Web Client Installed on them. The SSO on each VC will point to master SSO in Site-A.

Why I decided to have a separate VM for Master SSO? There is no big reason for that, I just wanted to have a separate SSO VM where all other VC’s SSO can point to instead of pointing to a SSO installed on a specific VC.

Here is the attached diagram explaining SSO-Design.PNG

So my question is

1.  Is this the appropriate design for my environment considering we want to have linked vCenters for all of them in the entire environment?

2.  The other issue I encountered is, when I installed my first vCenter server VC3, the vCenter service won’t start and the vpxd.log would throw SSO errors. I fixed it after changing the SSO to the local vCenter address in vpxd.cfg file. It was pointing to the Master-SSO-VM address. Here is the Vmware KB article on the error http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=205808...

Note:

  • We will be Installing vSphere 5.5 and it’s components from scratch
  • Right now we have only Master-SSO-VM and VC3 stood up, we will be slowly adding other VCs into this design if this design make sense.
Reply
0 Kudos
3 Replies
gabinun
Enthusiast
Enthusiast

It looks ok. Did you install it in a lab environment?

GN
Reply
0 Kudos
Dipak
Enthusiast
Enthusiast

I installed this both in LAB and Production environment.

In production i have just installed the Master SSO VM and another VC (VC3) so i wanted a 2nd view before proceeding further in production.

Also both in LAB and Production whenever i installed the SSO, Integration Service, WebClient on the first VC (SSO pointing to the master SSO VM) the vCenter service won't start and i had to modify the vpxd.cfg to point to the local SSO fqdn/ip, then the issue got resolved, i had no clue why that happened. 

Reply
0 Kudos
markdjones82
Expert
Expert

I haven't created as complex an SSO environment as that, but for that method you need a load balancer for HA mode.  If you want them to be linked I would use the multisite mode option  When you install the "Master-SSO" your first VC is pointed to it as a new site correct?  Is that VC1?

vSphere 5.5 Documentation Center

http://www.twitter.com/markdjones82 | http://nutzandbolts.wordpress.com
Reply
0 Kudos