Link vCenter VCSA appliances so that you can manage from one single login or SSO domain

Problem:

I have two different vCenter VCSA appliances, but want to link them so that I only have to log in once and can manage them both in the same console.

Solution:

Unless you are building a new VCSA, where you can do this in the GUI, you have to issue a command to join the SSO domains of the vCenter servers.

Log in to the VCSA and change to the scripts directory:

root@vc01 [ /tmp ]# cd /usr/lib/vmidentity/tools/scripts/

 

Then issue the command below from the first VCSA, replacing vc02.domain.com with the FQDN of the second VCSA:

root@vc01 [ /usr/lib/vmidentity/tools/scripts ]# cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn vc02.domain.com --replication-partner-admin Administrator --dest-domain-name vsphere.local

 

Enter the passwords when prompted:

Enter Source embedded vCenter Server Admin Password :
Enter Replication partner Platform Services Controller Admin Password :

 

You will see some warning information:

The domain-repoint operation will export License, Tags, Authorization data
before repoint and import after repoint.

WARNING: Global Permissions for the source vCenter Server system will be lost. The
         administrator for the target domain must add global permissions manually.
         Source domain users and groups will be lost after the Repoint operation.
         User 'Administrator@vsphere.local' will be assigned administrator role on the
         source vCenter Server system.

         The default resolution mode for Tags and Authorization conflicts is Copy,
         unless overridden in the conflict files generated during pre-check.

         Solutions and plugins registered with vCenter Server must be re-registered.

         Before running the Repoint operation, you should backupof all nodes
         including external databases. You can use file based backups to restore in
         case of failure. By using the Repoint tool you agree to take the responsibility
         for creating backups, otherwise you should cancel this operation.

         Starting with vSphere 6.7, VMware announced a simplified vCenter Single Sign-On
         domain architecture by enabling vCenter Enhanced Linked Mode support for
         vCenter Server Appliance installations with an embedded Platform Services
         Controller. You can use the vCenter Server converge utility to change the
         deployment topology from an external Platform Services Controller to an
         embedded Platform Services Controller with support for vCenter Enhanced Linked
         Mode. As of this release, the external Platform Services Controller
         architecture is deprecated and will not be available in future releases. For
         more information, see https://kb.vmware.com/s/article/60229

         The following license keys are being copied to the target Single Sign-On
         domain. VMware recommends using each license key in only a single domain. See
         "vCenter Server Domain Repoint License Considerations" in the vCenter Server
         Installation and Setup documentation.

 

Then confirm and you should see the below:

[Image: VCSA SSO domain link]
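The warning text above mentions conflict files generated during pre-check; cmsso-util domain-repoint accepts -m pre-check with the same arguments as -m execute. The wrapper below is an added example, not part of the original post: it validates the names, then runs the pre-check before the execute step, using the post's hostnames. The function names and the DRY_RUN variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): pre-check first, then execute.
# DRY_RUN=1 (the default) only prints the commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"
SRC_ADMIN="Administrator"      # source embedded vCenter admin, as in the post
PARTNER_ADMIN="Administrator"  # replication partner admin, as in the post

# Print the cmsso-util command line for a mode, partner FQDN and target domain.
# Rejects unknown modes and anything that is not a plain DNS name, so no
# stray options or shell metacharacters reach the command line.
repoint_cmd() {
    mode=$1 fqdn=$2 domain=$3
    case "$mode" in
        pre-check|execute) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    for name in "$fqdn" "$domain"; do
        case "$name" in
            ''|-*|.*|*.|*..*|*[!A-Za-z0-9.-]*)
                echo "invalid name: $name" >&2; return 2 ;;
        esac
    done
    printf 'cmsso-util domain-repoint -m %s --src-emb-admin %s --replication-partner-fqdn %s --replication-partner-admin %s --dest-domain-name %s\n' \
        "$mode" "$SRC_ADMIN" "$fqdn" "$PARTNER_ADMIN" "$domain"
}

# Run pre-check, then execute; a failed pre-check stops before any change.
run_repoint() {
    for mode in pre-check execute; do
        cmd=$(repoint_cmd "$mode" "$1" "$2") || return 2
        echo "+ $cmd"
        [ "$DRY_RUN" = 1 ] && continue
        # cmsso-util still prompts for both passwords interactively,
        # so they never appear in the process list or shell history.
        $cmd || { echo "$mode failed; stopping" >&2; return 1; }
    done
}

# Hostname and domain taken from the post; prints both commands in dry-run.
run_repoint vc02.domain.com vsphere.local
```

Set DRY_RUN=0 on the source VCSA only after the backups mentioned in the warning exist and the pre-check conflict files have been reviewed.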
