Joffer
Enthusiast

ELM with two separate AD domains and two vCenters 6.x?

Let's say I've got 2 separate vCenter 6.x. Each vCenter/PSC has its own separate AD domain for authentication.

Can I get Enhanced Linked Mode out of this?

If we just drop HA/load balancing for simplicity, will it be one PSC for each active domain, and also give it a PSC/vSphere SSO site, while both are in the same vSphere SSO Domain (normally vsphere.local) and the two PSCs replicate with each other? Will it be ELM then? How would an admin see both vCenters when the administrator's login would be different (maybe same username but different domain: myadmin@domain1.local and myadmin@domain2.local)? It can't really be single sign-on when you have two logins, one for each vCenter.

Two joined Platform Services Controller instances with two vCenter Server instances connected to each Platform Services Controller.

I know there is manual failover here if a PSC is down, so don't mind the single points of failure here, more the features.

3 Replies
Sreec
VMware Employee

AFAIK this should work as long as you have trust between both the AD domains.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
Joffer
Enthusiast

Then, to have access to view the second vCenter, the user on the trusted neighbour domain has to be added to a role that gives him access.

I guess I kinda got my answer from asking it myself and laying it out, and your answer, Sreec.

Maybe the ELM will be there and show the vCenters, but without one user in domain1 being added in a group in domain2 via domain trust, he can't see objects in the other vCenter. Seems correct.

Microsoft Active Directory Trusts supported with VMware vCenter Single Sign-On (2064250) | VMware KB

Sreec
VMware Employee

That is correct. From an ELM perspective, the PSCs should be in one SSO domain; same AD or different AD doesn't matter. But from an AD user perspective, there should be trust between the AD domains.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered