Those of you who have been following the recent update with vSphere 5.5/vCenter 5.5 would have noticed the significant number of improvements we have made when it comes to Single Sign-On. At a high level, the main improvements are:

  • A New Multi-Master Model
  • Replication between SSO Servers is now Automatic (Similar model to your Active Directory Sites and Services)
  • Site Aware
  • No More Database (That’s right… we use Active Directory now)

When discussing vCenter Single Sign-On with customers, there is always a discussion which seems to resonate around architecting the application for higher availability, especially when there are corresponding VMware solutions which are dependent on vCenter being available.

For example, you may have a Horizon View deployment which utilises linked clones and a recompose event which takes place after log off. This is largely dependent on the vCenter Server being available to serve the request, and vCenter will not be operational if Single Sign-On is offline, hence the discussion of high availability (HA).

Most of you are familiar with ESXi and the HA architecture, which can protect us from host failure/isolation, and, to some degree, VMware Tools, which can assist with VM restarts during OS BSODs/PSODs. In most cases this solution is good enough: it’s simple, and doesn’t require any complex configurations or management overhead.

However, if Single Sign-On HA is still at the top of your list, then we do have some options for you. At a high level, vCenter Single Sign-On HA requires a load balancer + CA Signed Certificates. This can be rather complex to configure, especially if you’ve never played with Load Balancers and/or Certificates.

The following guides will cover the detailed steps needed to implement vCenter Single Sign-On HA with CA Signed Certificates and the corresponding Load Balancer. To make things a little easier to understand, these guides will utilise the architecture below:

[Figure: vCenter SSO topology]

How to Load Balance vCenter Single Sign-On 5.5 Using: