Hi guys,
Our large enterprise needs to upgrade to 5.1 asap. The only thing that holds us back is this SSO piece of the puzzle. We cuuently have multiple vcenters around 20 across the globe in America, Europe, Asia. Knowing that each Vmware service will be affected by SSO we need to design this properly
We got about 3 options right now not sure which one we are better to go with
Option 1(I personally think we should go with): Each region like America, Europe, Asia will have a single SSO DB and all the Vcenters will be in the same SSO HA. Each SSO in the region will have a SQL cluster behind it. This will be a combination of SSO HA mode and SSO multi-site HA mode.
Option 2: Because the SSO DB is so small and the WAN traffic wont be much to the SQL cluster just have one SSO DB and every Vcenter will be joined to that SSO DB in HA mode. ( In case something does happen with SSO DB all the 20Vcenters will be locked, nobody will be able to log in to them)
Option 3: Each Vcenter will have it`s own local SSO DB and be managed locally. If there are problems with a Vcenter the rest of vcenter wont be affected at all. Problem with this setup ( We want to have 10 vcenters linked to each other, but thats only possible if all Vcenter point to the same SSO DB in the HA mode)
What do you guys think ? How should we go.. please correct me if I got any miss understandning of how all of this works.