vCenter 6.7 Cross SSO Domain Repointing
It’s back, finally! A new feature with vCenter 6.7 is the ability to repoint a vCenter Server to another Platform Services Controller node, that resides in an entirely different vSphere SSO domain. This functionality is huge for domain consolidation, and also domain splitting (which admittedly is a less required use case from what I’ve seen, but something that still can be a useful use case).
Edit: As per a comment from Rupak, I believe this feature is only available on the vCenter Server Appliance and is not available for the Windows deployment of vCenter 6.
vCenter 6.5 PSC Repoint Limitations
This is just a quick note to let you all know of a limitation with vSphere 6.5. Repointing of a vCenter Server to a Platform Services Controller (PSC) in another vSphere SSO domain SITE is not supported. Please see the caution at the top of this VMware KB article.
Note: As of 21/11/2016, the KB article for repointing a VC to a PSC WITHIN the same SSO domain site (see here) also has a caution to say it is not supported with 6.
Repoint vCenter Server to PSC
Introduction This article will walk through the steps required to repoint a vCenter Server 6U1 or later node to a different Platform Services Controller (PSC) node. Scenario one will walk through the steps if the destination PSC is located within the same vSphere SSO site, where as scenario two will walk through the steps if the destination PSC is located in a different vSphere SSO site. This is almost the same process, but repointing a VC to a PSC in a different SSO Site than the original PSC requires an additional step.
Reconfiguring and Repointing vCenter Server to PSC
Introduction Starting with vSphere 6, there are two main roles to a core vCenter infrastructure. The vCenter Server (VC) and the Platform Services Controller (PSC). During deployment, administrators are presented with two deployment options:
Embedded. With an embedded deployment, the VC and PSC roles are installed on the same node External. With an external deployment, the PSC and VC roles are installed onto separate nodes. External deployment also enables the enhanced linked mode feature for vCenter Server Prior to 6.
vSphere 6 - Reconfigure Embedded vCenter to External PSC
Introduction As of vSphere 6.0U1, VMware allow an embedded vCenter server deployment to be reconfigured to an external deployment, which demotes the Platform Services Controller (PSC) components of the embedded node and points the VC server to an external PSC node which resides in the same Single Sign On (SSO) domain as the source embedded node.
This is done by using the utility cmsso-util
Before we get too much further, there are two main uses for cmsso-util:
vSphere New PSC Deployment - Could Not Parse SAML Token For Authentication
In my lab, I deployed vCenter using the appliance as an embedded node using vCenter 6.0.0b. I purposely deployed this build, as an embedded deployment for two reasons:
I haven’t used the appliance before, and I wanted the lab to be simple, but I also wanted to see the upgrade process in action on the appliance I wanted to deploy an external PSC and follow the process to re point the original VC server to the new external PSC, as outlined here: http://pubs.