5 Replies Latest reply on Jul 9, 2019 6:13 AM by lurims

    Multi-site vRO configuration

    TheVMinator Master

      I have multiple sites.  Each site has  dedicated vCenter and a dedicated SSO.  Each site uses a vRO instance and uses its own SSO for authentication.  I want to set up the multi-node plugin to manage workflows across all sites centrally.

       

      How will a workflow created in my central site be able to have permissions to run on my remote sites?  I am currently using "session per user" and not "share a unique session"

        • 1. Re: Multi-site vRO configuration
          Burke- Virtuoso
          VMware Employees

          I don't envision this working at all.

          You are logging in to Main Site using SSO.... Session per user is sending Main Site SSO token through plug-in to remote site that is not using same SSO source = no authentication since remote site doesn't use the same SSO source..

          You need to use Share a unique session when defining your remote servers in the Mult-Site plug-in.

          1 person found this helpful
          • 2. Re: Multi-site vRO configuration
            TheVMinator Master

            OK thanks for the info.  Question though:

            If I use share a unique session, the session I use would be based on a service account from AD.  (I'm using SSO authentication, and SSO is in turn using AD as an identity source, and that service account lives in AD).

             

            So I this case also, I would have the same problem - I'm using SSO at the main site as the basis for that shared unique session. 

             

            So if the fact that I'm using different SSO servers and different vCenters and different AD servers at each site means that I can't use "session per user" authentication, why would I be able to use "share a unique session"?

             

            If I switch to "share a unique session", that won't change the fact that I'm using different SSO servers at each site, it will only change the user name that the session at the main site is based upon from being a user account to a service account, but not change any other aspect of the authentication process.

             

            With this in mind, how would using "share a unique session" be different?

            • 3. Re: Multi-site vRO configuration
              cdecanini_ Virtuoso
              VMware Employees

              It is different because it should let you specify a username and password for each remote vRO host which in turn should authenticate on their respective SSO.

              • 4. Re: Multi-site vRO configuration
                TheVMinator Master

                ok great thanks

                • 5. Re: Multi-site vRO configuration
                  lurims Enthusiast

                  Hi TheVMinator,

                   

                  As you are using the vRO Multi-site for several years now, how do you feel about the vRO multi-site feature robustness for an Enterprise size environment?  I work for big insurance company and want to implement this solution to cover over a dozen of sites and more than fifty vROs as slaves. Initially we run on a need basis to kickoff remote workflows from Master but later bases on the results we may expand the usage.

                   

                  Any one using this feature is welcome to respond to this question.