VMware vSphere

We have a situation with a vSAN stretched cluster between two sites that have fairly segmented networking.  The two sites don't have access to each other's networks.  We will be deploying NSX to allow for failover, but that's not important at the moment.

The challenge is that we want some method for the secondary site to have access to vCenter.   Assuming both sides of the cluster can connect to networks on both sides, creating a second IP on vCenter is a less than desirable configuration as it creates a VM bridge between networks.

I'm sure this scenario is not unique, so what options would we have for providing access to the secondary site's IT personnel for managing their VMs?

Hi Charlie,

I am going to ignore the vSAN bit as that does not seem to enter the equation here? please correct me if I am wrong.
I understand your situation to be; vCenter lives on site A and you have people working at Site B that need to manage VMs at Site B? Access to the network that vCenter lives on is not allowed from Site B.
I have had to deal with networking restrictions similar to this may times just from a security practice.
Stand up a RDS/VDI solution (can be FOS) with VMs that the users on Site B can access, usually via a secure gateway, and allow access to vCenter from these VMs/Server.
This provides a secure managed desktop environment that you can limit users, tools and access, even require 2FA so you know who is accessing what.
This is a normal good security practice.

Multi homing vCenter is not supported.