Let's say I got 2 separate vCenter 6.x. Each vCenter/PSC has its own separate AD domain for authentication.
Can I get Enhanced Linked Mode out of this?
If we just drop HA/load balancing for simplicity, will it be one PSC for each active domain, and also give it a PSC/vSphere SSO site, while both are in the same vSphere SSO Domain (normally vsphere.local) and the two PSCs replicate each other? Will it be ELM then? How would an admin see both vCenters when the administrator's login would be different (maybe same username but different domain: myadmin@domain1.local and myadmin@domain2.local)? It can't really be single sign-on when you have two logins, one for each vCenter.
I know there is manual failover here if a PSC is down, so don't mind the single points of failure here, more the features.
That is correct. From an ELM perspective, the PSCs should be in one SSO domain; same AD or different AD doesn't matter. But from an AD user perspective there should be trust between the AD domains.
AFAIK this should work as long as you have trust between both the AD domains.
Then, to have access to view the second vCenter, the user on the trusted neighbour domain has to be added to a role that gives him access.
I guess I kinda got my answer from asking it myself and laying it out, and your answer, Sreec.
Maybe the ELM will be there and show the vCenters, but without one user in domain1 being added in a group in domain2 via domain trust, he can't see objects in the other vCenter. Seems correct.
Microsoft Active Directory Trusts supported with VMware vCenter Single Sign-On (2064250) | VMware KB