jump to navigation

A Tale of Two vCenters – Managing Multiple vCenters Without Linked Mode September 19, 2013

Posted by audiomatron in Uncategorized.
trackback

Okay, it’s really more a tale of three vCenters, but I couldn’t resist using that as a title.. Also, this may be old news to most people, but it’s the most interesting thing I’ve done lately. Plus I couldn’t find exact guidance on exactly how to do this for my situation – I had to piece together how to do this from multiple sources.

For several years, I’ve had only one vCenter to manage. However, a couple of years ago, one of my Bosses started another
company. Recently, his company has done increasingly more business, and while working with him on a job we were doing, I
suggested that this company have its own datacenter. The next thing I know, I have two AD domains, three vCenters (one for
our main company, one for the other company’s server workloads, and one for the other company’s VDI), and a fourth vCenter
on the way (for a DR site). I decided it was time to find a way to manage them all from a single pane of glass.

The first option that was brought to my attention was linked mode, but surprise, surprise, my Essentials Plus license
doesn’t have that ability. All hope is not lost though! This year at VMWorld, I was inspired to give the web client a go,
since that is eventually going to be the only way to administer vCenter. Through a session on vCenter I attended, I was
given a glimmer of how, using SSO and the web client, I can do exactly what I am trying to do here. After many hours and
completely wrecking one vCenter, and with the help of this blog article and an email from its author, I now have one
vSphere web client managing 3 vCenters across two domains. Here’s how I did it:

The Proper Way

If you were starting from scratch (which I did have to do for one vCenter), joining several vCenters is fairly simple.
Make sure you have a trust between your two domains, then do this:

First, you can do a simple install of the first vCenter. Next, if you are working with multiple AD domains, you will need
to log into your first vCenter’s web client as the SSO admin, and add your other domain as an identity source for SSO. On
subsequent vCenter installs, do not do a simple install – instead, install (in this order) inventory service, vCenter
Server, and Web Client, pointing each at the first vCenter’s SSO instance. Afterwards, you can login to the first
vCenter’s web client, and you should see all of your vCenters listed. From there you can add permissions to your various
vCenters in whatever way you wish.

If You Are Not Starting From Scratch

This is where I was. I already had the three vCenters installed and configured. If you take a look at the above referenced
blog post by William Lam, he refrences a VMWare KB article that contains instructions on how to use various scripts to
re-point each piece of vCenter at another SSO instance. I was able to make this work with no trouble on one of my
vCenters. I had to completely reinstall the other vCenter (the VDI one) using the method I described above. Luckily, this
one is not in production.

SSO in 5.5

In the impending release of vSphere 5.5, VMWare has completely re-written SSO from the ground up. The way I understand, it
will be much more simple to deal with. Unfortunately, I was informed at the recent Jackson, MS VMUG I attended that my
current implementation of SSO will break when I update since the two are so different. Rest assured, I will be writing
another article as soon as I find out how to best make the transition from 5.1 to 5.5 with my current setup.

As is my custom, I must now ask: Have any of you done this? Have I missed something? I’d love to hear from you!

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: