I could really do with some advice on this. It's been shelved for a while while we decide which approach to take, but we want the test system we have here in vCenter. I already have 2 test "sites" in as datacenter objects, which works well, the others will be added over time.
I think I may know what you are talking about. So you want to have a root administrator for all sites but local admin access to the site they are at without being able to view the rest of your virtual infrastructure? If so, then yes, it can be done without 'linked mode'. I used linked mode and it does work but it also makes for a single point of failure; if your vCenter server were to have any interruptions, no one else would be able to reach their sites. It's a serious planning consideration weighing all possibilities.
What we have done is keep site specific vCenter but create groups (local or in AD if all your servers are in a forest) thru the vCenter server itself. You have to be on the server (RDP) and modify the access groups locally. Then when viewed through either the client or VUM, the access is viewed without anyone modifying it.
Hope this helps,
Thanks for that. I did wonder if that's what we'd have to do but wasn't sure. We'd like to have a single pane of glass management if at all possible rather than multiple RDP sessions, but if that's what we need to do then so be it.
Are there any third-party applications anyone is aware of that we could put all vCenters into and manage then independently but from one place? I'll have a look, but the thought just occurred so thought I'd throw it out there - reviews of first-hand experience with these things is always better than marketing blurb. I'll have a chat with Mr Google about it when I get time.