vCenter Server provides several ways to deploy vCenter Single Sign-On to best serve your vSphere environment.

You can deploy vCenter Single Sign-On in one of three modes.

Standalone vCenter Single Sign-On Server

This deployment mode creates the first or only vCenter Single Sign-On instance of the vsphere.com domain. vCenter Server Simple Install deploys vCenter Single Sign-On in standalone mode.

Standalone vCenter Single Sign-On Server deployment supports the connectivity of Active Directory, OpenLDAP, Local Operating System, and vCenter Single Sign-On embedded users and groups. In most cases, the vCenter Single Sign-On instance is installed on the same host machine as vCenter Server, as with the vCenter Server Simple Install option, or the vCenter Server Appliance.

The Standalone vCenter Single Sign-On Server deployment is appropriate in the following circumstances:

If you have a single vCenter Server of any supported inventory size: up to 1,000 hosts or 10,000 virtual machines.

If you have multiple geographically dispersed locations, each with a local vCenter Server instance, and you do not require a single-pane-of-glass view as provided by vCenter Linked Mode.

If you are deploying the primary vCenter Single Sign-On instance of a high-availability vCenter Single Sign-On cluster.

If you are deploying the first vCenter Single Sign-On instance of a multisite vCenter Single Sign-On domain.

High availability

With this deployment mode you install a vCenter Single Sign-On instance as a high-availability partner to an existing primary vCenter Single Sign-On Server instance that you previously deployed in standalone mode in the same location. After you place the primary and high availability instances behind a third-party network load balancer (for example, Apache HTTPD or vCNS), the VMware Directory Service instances of the vCenter Single Sign-On instances start replicating information among each other. vCenter Single Sign-On administrator users, when connected to vCenter Server through the vSphere Web Client, will see the primary vCenter Single Sign-On instance.

This deployment mode has the following limitations:

It provides failover only for the vCenter Single Sign-On service. It does not provide failover for the vCenter Single Sign-On host machine.

It supports the connectivity of Active Directory, OpenLDAP and vCenter Single Sign-On embedded users and groups, but does not support the use of local operating system user accounts.

See vCenter Single Sign-On and High Availability for high availability options.

See http://kb.vmware.com/kb/2112736 for vCenter Single Sign-On high availability compatibility matrix.

Multisite

With this deployment mode you install a vCenter Single Sign-On instance as a replication partner to an existing vCenter Single Sign-On Server instance that you previously deployed in a different location. Multisite deployment is required when a single administrator needs to administer vCenter Server instances that are deployed on geographically dispersed sites in Linked Mode.

Each site is represented by one vCenter Single Sign-On instance with one vCenter Single Sign-On server. The vCenter Single Sign-On site entry point is the machine that other sites communicate with. This is the only machine that needs to be visible from the other sites.

Note

This deployment mode is required if you have geographically dispersed vCenter Servers in Linked Mode. You might also consider this mode in the following cases:

If multiple vCenter Servers require the ability to communicate with each other.

If you require one vCenter Single Sign-On server security domain for your organization.

This deployment mode has the following limitations:

It supports the connectivity of Active Directory, OpenLDAP and vCenter Single Sign-On embedded users and groups, but does not support the use of local operating system user accounts.

High-availability clusters are unsupported in multisite vCenter Single Sign-On deployments.

You can install the vCenter Single Sign-On instances in this deployment mode in any order. Any node that is installed after the first node can point to any node that is already installed. For example, the third node can point to either the first or second node.

For information about the differences in the vCenter Single Sign-On deployment modes depending on the vSphere 5.5 build, see http://kb.vmware.com/kb/2072435.