Yellow Bricks

by Duncan Epping

vcenter

vCenter Single Sign On aka SSO, what do I recommend?

· ·

I have had various people asking me over the last 9 months what I would recommend when it comes to SSO. Would I use a multi-site configuration, maybe even an HA configuration or would I go for the Basic configuration? What about when I have multiple vCenter Server instances, would I share the SSO instance between these or deploy multiple SSO instances? All very valid questions I would say. I have kept my head low intentionally the last year to be honest, but after reading this excellent blog post by Josh Odgers where he posted an awesome  architectural decision flow chart I figured it was time voice my opinion. Just look at this impression of the flow chart (for full resolution visit Josh’s website):

Complex? Yes I agree, probably too complex for most people. Difficult to digest, and that is not due to Josh’s diagramming skills. SSO has various deployment models (multi site, HA, basic), and then there is the option to deploy it centralized or localized as well. On top of that there is also the option to protect it using Heartbeat. Now you can probably understand why the flow diagram ended up looking complex. Many different options but what makes sense?

Justin King already mentioned this in his blog series on SSO (part 1, 2, 3, 4) as a suggestion, but lets drive it home! Although it might seem like it defeats the purpose I would recommend the following in almost every single scenario one can imagine: Basic SSO deployment, local to vCenter Server instance. Really, the KISS principle applies here. (Keep It Simple SSO!) Why do I recommend this? Well for the following simple reasons:

  • SSO in HA mode does not make sense as clustering the SSO database is not supported, so although you just deployed an HA solution you still end up with a single point of failure!
  • You could separate SSO from vCenter, but why would you create a dependency on network connection between the vCenter instance and the SSO instance? It is asking for trouble.
  • A centralized SSO instance sounds like it make sense, but the problem here is that it requires all connecting vCenter instances to be on the same version. Yes indeed, this complicates your operational model. So go localized for now.

So is there a valid reason to deviate from this? Yes there is and it is called Linked Mode. Linked Mode “requires” SSO to be deployed in a “multi-site” configuration, this is probably one of the few reasons I would not follow the KISS principle when there is a requirement for linked-mode… personally I never use Linked Mode though, I find it confusing.

So there you have it, KISS!

vCenter Federation Survey

· ·

One of our product managers asked me if I could share this survey with the world. The topic is vCenter Federation and APIs. It literally takes a couple of minutes to fill out. Your help / input is greatly appreciated, so please if you have those two minutes to spare at the end of the day, then take the time:

http://tinyurl.com/VMwareFederator

Awesome Fling: vCenter 5.1 Pre-Install Check

· ·

One of the things that many people have asked me is how they could check if their environment was meeting the requirements for an upgrade to 5.1. Until today I never really had a good answer for it but fortunately that has changed. Alan Renouf has spent countless of hours developing a script that validated your environment and assesses if it is ready for an upgrade to vSphere 5.1.

This is a PowerShell script written to help customers validate their environment and assess if it is ready for a 5.1.x upgrade. The script checks against known misconfiguration and issues raised with VMware Support. This script checks the Windows Server and Active Directory configuration and provides an on screen report of known issues or configuration issues, the script also provides a text report which can help with further trouble shooting.

Is that helpful or what? Instead of going through the motion your just run this pre-flight script and it will tell you if you are good to go or not, or if changes are required. If you are planning an upgrade or are about to upgrade make sure to run this script.

Awesome job Alan, lets keep these coming!

VMware vCenter Multi-Hypervisor-Manager 1.1 is out, sign up for it!

· ·

VMware vCenter Multi-Hypervisor Manager 1.1 is a minor release with the following new capabilities:

  • Migration of virtual machines from Hyper-V to ESX or ESXi hosts.
  • Support for the latest Microsoft Hyper-V3 hypervisor (as well as the earlier versions).
  • Increased scalability with regards to the number of supported third-party hosts to 50 (from 20 in MHM 1.0).
  • Ability to provide custom certificates for the MHM server from the installer wizard.
  • Multiple objects selection in the UI and a number of other usability improvements.
  • Plus a number of server and client-side bug fixes.

If you have some Hyper-V hosts in your environment that you want to manage, or need to migrate from Hyper-V to vSphere, then make sure to download this nice vCenter add-on. It is in Beta, and I am certain the engineering team will appreciate all the feedback you can give.

vCenter Heartbeat installation and validation

· ·

Today the vCenter Heartbeat team shared a video with me that they created. This video shows the vCenter Heartbeat installation and how to validate the installation itself. The KB Video team blogged about it also today, and you can find there article here which was the foundation for this article.

This video is a first installment of a series answering the most common questions asked by the VMware user community when deploying vCenter Server Heartbeat. Whether deploying in High Availability or Disaster Recovery deployment modes, this video will offer key points, tips and considerations for a successful deployment.

For more detailed information you can find the links to the relevant documentation sites.
To familiarize yourself with the Heartbeat installation requirements, see the Heartbeat documentation page here.

For vSphere 5.1 documentation, see the vSphere 5.1 documentation page here.