VMware NSX

 View Only
  • 1.  Cross vCenter NSX with separate SSO Domain

    Posted Oct 05, 2020 05:28 PM

    In our current setup we have 3 NSX managers, let’s call them A, B, C, where A is Primary.

    We also have 3 vCenter servers, let`s call them 1,2,3.

    Managers A is registered with vC 1, manager B is registered with vC 2. vCenter 1 and 2 share same SSO domain and are in Enhanced Linked Mode.

    Manager C is registered to vCenter 3. This vCenter however is not sharing SSO with 1 and 2. Therefore NSX Manager 3 can only be Managed from vCenter 3.

    Is this X-vCenter NSX setup supported with vCenter servers in separate SSO Domains? Does NSX need vCenters to be in the same SSO domain?

    Is there a document that shows process to build x-vcenter NSX with separate SSO domains?

  • 2.  RE: Cross vCenter NSX with separate SSO Domain

    Posted Oct 06, 2020 05:51 AM

    Hey joeflint​,

    "Using Cross-vCenter NSX Without Enhanced Linked Mode

    Enhanced Linked Mode is not a prerequisite or requirement for cross-vCenter NSX. Without Enhanced Linked Mode, you can still create cross-vCenter universal transport zones, universal switches, universal routers, and universal firewall rules. However, without Enhanced Linked Mode in place, you must log in to the individual vCenter Servers to access each NSX Manager instance."

    As you can see it is not a requirement to configure Cross-vCenter, the only issue you will face is that for administering the solution, you will need to open more than one vCenter as you do not have Enhanced Linked Mode configured but all the functionalities will work.

    Here is the official documents:Cross-vCenter NSX and Enhanced Linked Mode

  • 3.  RE: Cross vCenter NSX with separate SSO Domain

    Posted Oct 06, 2020 07:46 AM

    Hello Lalegre, thanks for your input.

    I've seen documents on x-center NSX with and without ELM and OK with that. However, the main concern is where we have separate SSO domains for the vCenter servers, and would like to establish whether this is supported. To date not had a response from VMware and neither is this stated in their documentation.

    The VMware guides refer to a commen “administrative domain” but do NOT make clear what this means - does this mean single SSO or something else?

  • 4.  RE: Cross vCenter NSX with separate SSO Domain

    Posted Oct 06, 2020 08:58 AM

    Enhanced Linked Mode requirement is to share the same SSO domain across all the PSCs and have one point of administration across all the vCenter Servers. Having said that, the support for "NO Enhanced Linked Mode", means you can configure everything using different SSO Domains.